![]() |
ConfigurationDetails about how and where KeePass stores its configuration. |
KeePass supports multiple locations for storing configuration information: the global configuration file in the KeePass application directory, a local user-dependent one in the user's private configuration folder, and an enforced configuration file in the KeePass application directory. The first one is called global, because everyone using this KeePass installation will write to the same configuration file (and possibly overwriting settings of other users). The second one is called local, because changes made to this configuration file only affect the current user.
Configuration files are stored in XML format.Configuration | Location | Typical File Path |
---|---|---|
Global | Application Directory | C:\Program Files (x86)\KeePass Password Safe 2\KeePass.config.xml |
Global (Virtualized) | Windows Vista/7/8/10 Virtual Store | C:\Users\User Name\AppData\Local\VirtualStore\Program Files (x86)\KeePass Password Safe 2\KeePass.config.xml |
Local | User Application Data | C:\Users\User Name\AppData\Roaming\KeePass\KeePass.config.xml |
Enforced | Application Directory | C:\Program Files (x86)\KeePass Password Safe 2\KeePass.config.enforced.xml |
On 32-bit systems, the name of the program files folder is 'Program Files' instead of 'Program Files (x86)'.
If you use the KeePass installer and install the program with administrator rights, the program directory will be write-protected when working as a normal/limited user. KeePass will use local configuration files, i.e. save and load the configuration from a file in your user directory.
Multiple users can use the locally installed KeePass. Configuration settings will not be shared and can be configured individually by each user.
If you downloaded the portable version of KeePass (ZIP package), KeePass will try to store its configuration in the application directory. No configuration settings will be stored in the user directory (if the global configuration file is writable).
If you are currently using a locally installed version of KeePass (installed by the KeePass installer) and want to create a portable version of it, first copy all files of KeePass to the portable device. Then get the configuration file from your user directory (application data, see above) and copy it over the configuration file on the portable device.
Settings in an enforced configuration file take precedence over settings in global and local configuration files.
This feature is intended primarily for network administrators who want to enforce certain settings for users of a shared KeePass installation.
For details, please see the Enforced Configuration help page.
This section explains in detail how loading and saving the configuration works.
When KeePass starts up and finds both global and local configuration files, it must
decide the order in which KeePass tries to get the configuration items.
This is controlled by the
(Kee
)PreferUserConfiguration
flag in the global configuration
file. If it is not present, it defaults to false.
The flag is set to true in the global configuration file of the KeePass installer package. The portable ZIP package does not contain a configuration file, consequently the flag defaults to false.
Loading:PreferUserConfiguration
flag is true, use the item from
the local configuration file, otherwise use the one of the global one.
If the global one doesn't exist or doesn't contain this item, use the default value.PreferUserConfiguration
flag is true, try to store
all configuration items into the local configuration file.
If this fails, try to store them into the global configuration file.
If this fails, report error.PreferUserConfiguration
flag is false, try to store
all items into the global configuration file.
If this fails try to store them into the local configuration file.
If this fails, report error.-cfg-local:
' command line parameter.