Using the KeePassX password manager you can:

  • Store many passwords in an encrypted database which is protected by a single passphrase of your choice.
  • Always use different and stronger passwords, since you only have to remember a single passphrase to unlock the entire database.
  • Generate very strong random passwords.

Create and save a password database

Follow these steps to create a new password database and save it in the persistent volume for use in future working sessions.

To learn how to create and configure the persistent volume, read the documentation on persistence.

  1. When starting Tails, enable the persistent volume.

  2. In the Persistent Volume Assistant, verify that the Personal Data persistence feature is activated. If it is deactivated, activate it, restart Tails, and enable the persistent volume.

  3. To start KeePassX, choose Applications ▸ Accessories ▸ KeePassX.

  4. To create a new database, choose Database ▸ New database.

  5. The database is encrypted and protected by a passphrase.

    • Specify a passphrase of your choice in the Enter password text box.
    • Type the same passphrase again in the Repeat password text box.
    • Click OK.
  6. To store the database in the persistent volume for use in future working sessions:

    • Choose Database ▸ Save database.
    • Save the database as keepassx.kdbx in the Persistent folder.

Restore and unlock the password database

Follow these steps to unlock the password database saved in the persistent volume from a previous working session.

  1. When starting Tails, enable the persistent volume.

  2. To start KeePassX, choose Applications ▸ Accessories ▸ KeePassX.

  3. If you have a database named keepass.kdbx in your Persistent folder, KeePassX automatically displays a dialog to unlock that database.

    Enter the passphrase for this database and click OK.

  4. If you enter an invalid passphrase the following error message appears:

    Unable to open the database.
    Wrong key or database file is corrupt.

    Then click OK and try again.

In addition to the password database, you can store your KeePassX settings using the Dotfiles persistence feature. To do so, create the folder /live/persistence/TailsData_unlocked/dotfiles/.config/keepassx/ and copy the file ~/.config/keepassx/keepassx2.ini to it.

Migrating a password database from Tails 2.12 and earlier

The database format of KeePassX 1 (Tails 2.12 and earlier) is incompatible with the database format of KeePassX 2 (Tails 3.0 and later).

To migrate your database to the new format:

  1. Start KeePassX.

  2. Choose Database ▸ Import KeePass 1 database.

  3. Select your database, for example keepassx.kdb.

  4. After your database is open, save it to the new format:

    • Choose Database ▸ Save database.
    • Save the database as keepassx.kdbx in the Persistent folder.

    Note that only the file extension is different:

    • kdb for the old format.
    • kdbx for the new format.
  5. This operation does not delete your old database from your Persistent folder.

    You can now delete your old database or keep it as a backup.

Additional documentation

For more detailed instructions on how to use KeePassX, refer to the KeePassX guide of Security in-a-Box.