Settings

KeePass 2.x Plugins


Installation, uninstallation and security of KeePass plugins.

Plugin  Introduction

KeePass features a plugin framework. Plugins can provide additional functionality, like support of more file formats for import/export, network functionalities, backup features, etc.


Info  Online Resources

You can download the latest KeePass plugins (and their source code) from http://keepass.info/plugins.html.


Computer  Plugin Installation and Uninstallation

If the plugin doesn't provide explicit instructions how to install it, follow these steps:

  1. Download the plugin from the page above and unpack the ZIP file to a directory of your choice.
  2. Copy the unpacked plugin files into the KeePass directory (where the KeePass.exe is) or a subdirectory of it.
  3. Restart KeePass in order to load the new plugin.

In other words, to "install" a plugin you simply need to copy it somewhere into the KeePass directory.

To "uninstall" a plugin, delete the plugin files.


Locked  Security

What about the security of plugins? Can't malicious spyware plugins 'inject' themselves into KeePass?

If plugins can register themselves (i.e. have write access to the KeePass directory), they could also just replace the whole KeePass.exe. It's rather a problem of file access rights, not the plugin system.

If you worry about this, you can do the following:

  1. Install KeePass as administrator.
  2. Write-protect the KeePass directory. Nobody must have write access.
  3. Log on as normal user (with no administrator privileges).

This will solve the problem above. Since the KeePass directory is write-protected, no other program can copy files into it. KeePass requires the plugins to be in the application directory. Therefore, plugins cannot inject themselves anymore.


Computer  Plugin Cache

PLGX plugins are compiled and stored in a plugin cache directory on the user's system. This cache highly improves the startup performance of KeePass. Old files are normally deleted from the cache automatically (this can be disabled in the plugins dialog).

By default, the plugin cache is located in the user's application data directory. However, this can be overridden using the Application/PluginCachePath setting in the configuration file (this setting supports placeholders and environment variables). So, if you're for example using KeePass on a portable device and don't want the cache to be on the system, you could set the path to {APPDIR}\PluginCache.