KeePassX Database merge...

I’ve done a lot in the past three weeks. I finally went back to Mardi Gras in New Orleans, something I haven’t been able to do since I started working in Huntsville. I also managed to move this site to my old VPS. The edis.at OpenVZ VPS was a little under powered for my tastes, though its pricing is very attractive. Turns out the original Apache2 documentation I first found (I can’t find the link for the life of me) was wrong: you CAN have multiple SSL sites behind one IP address, thanks to a browser extension: Server Name Indication (SNI). This Google search should help you find the appropriate articles to set it up. All I did was backup both WordPress databases on my two sites, backup both sets of WordPress files, copy the relevant apache2 configurations over to my ChunkHost, restore the database to the new server, and restore the WordPress files (to a different web-root). It worked like a charm!

While I was in Mobile last week, my ISP (Knology) decided to do some network maintenance. My IP address changed, and my pfSense router hadn’t been configured to automatically obtain a new lease. Thus I was unable to reach my KeePassX database. I will get to the KeePassX database merge below. To rectify the WAN DHCP lease problem, I discovered these instructions. Since Knology changes my IP address so infrequently, I’m not likely to even notice the problem until I look at my IP address.

When I was down in Mobile last week, I went to the USA Career Fair to seek employment in Mobile. Got a lot of good leads, so I started filling out online applications. However, saving my passwords to KeePassX proved to present me a problem: I didn’t have access to my password database via sshfs. This meant I had to use my local copy. This meant that anything I added or deleted from the local copy wouldn’t be reflected in my master database. When I got back to Huntsville, and sorted out my WAN connection problem, I needed a way to merge the databases (I did not want to do it by hand).

I noticed that KeePassX has import and export functions, but no explicit merge. I didn’t want to import the laptop local database into the master, since I was afraid of a lot of duplicates. I did find this KeePassX forum topic, that presents some solutions. The patch that was linked isn’t directly accessible to the public, and it’s unclear whether it was added to keepassx on Debian sid. However, further down that page, someone had posted a public-domain Python script which will merge the two databases. Here’s a link to the script. I backed up my databases in case something went wrong, and actually renamed my master database to avoid overwriting it in place.

Basically you provide three XML database names, the first source, the second source, and the destination file. However, it only seems to add the entries that are in both files, plus the ones that are only in the first. Since I had entries that were unique to both files, it appears that all I had to do was run kdb-merge twice, and just swap the first and second source. This is essentially what I ran:

kdb-merge master.xml laptop.xml merged.xml
kdb-merge laptop.xml master.xml merged.xml

The true test was loading up the merged.xml file into KeePassX. I loaded a new, blank database (which it turns out I didn’t have to do; importing an XML file apparently creates a new database). I then made sure the different entries from both files were there. I still have the backup files, should something be missing or be totally wrong.

One final step was to shred the XML files, since they contain the passwords in plaintext format. A simple rm/remove/delete would not do, since most disks don’t overwrite a deleted file (and its contents remain on disk). Perhaps if I had SSDs in this system it’d be different. That’s for the next workstation.