Clone wiki

KeeCloud / Synchronization-Credentials

One of the best use cases for KeeCloud is synchronization with copies of the database in the cloud (see workflows)

In order to aid with this, an alternate credential entry method exists. Instead of entering the credentials into the synchronization form, the title of an entry in KeePass can be used instead. The username and password will be read from that entry and used instead. This allows you to set up triggers without having to save sensitive information (username and password) in the trigger configuration. It also makes it much easier to remember as the synchronization dialog doesn't let you open an entry in KeePass while you are using it.

Note that this only works for synchronization or Save as URI. This doesn't work for opening new database files even if you have another database open. When you open another database, KeeCloud loses the context of the other open database and can't read the entry anymore so it can't use credentials from there. During both synchronization and save as operation KeeCloud can reference the open database through the whole operation.

Structuring the KeePass entry

If you use the credential configuration wizard and save an entry, you are ready to go. Change the title of the entry to something that you can remember and you are ready to go.

If you either didn't save the entry, and now want to, or used a provider that doesn't use the credential configuration wizard then you can create the entry yourself.

There are really only three things that KeeCloud looks for when using an entry.

  1. The URL must be something that has the protocol. If you are using Amazon S3 but there is no URL, or the URL is something like http://something rather than s3://something then it won't use the entry.
  2. The username and password must be set to something
  3. The title must be set to something and must match the username provided in the synchronization form.

KeeCloud will find the first entry whose title matches the username you provided to the synchronization form and the above criteria.


To reference en entry, simply put the title in the username field. The database that contains the entry must be open and unlocked or it won't work. Typically it would be located in the database that you are syncing. The protocol in the URL on the synchronization form must match the protocol in the password entry or the supplied credentials will be used.


If using this with triggers it works better to supply a password even if it is just junk. This is because KeePass will prompt the user for the password if one isn't supplied. This prompt sometimes causes problems with KeeCloud and is an additional step that isn't really needed.