![]() |
Plugins (2.x)Installation, uninstallation and security of KeePass 2.x plugins. |
KeePass features a plugin framework. Plugins can provide additional functionality, like support of more file formats for import/export, network functionalities, backup features, etc.
Plugins can be found on the Plugins page.
If there are no explicit instructions how to install the plugin, follow these steps:
To uninstall a plugin, delete the plugin files.
Linux:
On some Linux systems, the mono-complete
package may be
required for plugins to work properly.
Portability:
PLGX plugins are compiled by KeePass and the generated files are stored
in a plugin cache, which by default is located in the
user's application data directory (so, running a PLGX plugin by default
creates files outside the KeePass application directory).
These plugin cache files do not need to be copied to other systems though,
because they are generated on each system and do not contain any user data.
What about the security of plugins? Can't malicious plugins 'inject' themselves into KeePass?
If plugins can register themselves (i.e. have write access to the KeePass directory), they could also just replace the whole 'KeePass.exe' file. It's a problem of file access rights, not the plugin system.
If you worry about this, install KeePass as administrator into the program files directory (which is the default, typically in a folder in 'C:\Program Files (x86)'). Afterwards, run KeePass and other applications only as normal user (without administrator privileges).
This solves the problem above. As the KeePass directory is write-protected for normal users, no other program can copy files into it. KeePass requires the plugins to be in the application directory. Therefore, plugins cannot inject themselves anymore.
If you use the portable package of KeePass or installed it into a different directory, you need to adjust the directory permissions yourself.
PLGX plugins are compiled and stored in a plugin cache directory on the user's system. This cache highly improves the startup performance of KeePass. Old files are normally deleted from the cache automatically (this can be disabled in the plugins dialog). The cache does not contain any user data.
By default, the plugin cache is located in the user's application data
directory. However, this can be overridden using the
Application/PluginCachePath
setting in the configuration file
(this setting supports placeholders and environment variables).
So, if you're for example using KeePass on a portable device and don't want
the cache to be on the system, you could set the path to {APPDIR}\PluginCache
.
Do not relocate the plugin cache into the 'Plugins' folder of the
KeePass application directory, because this can result in a severe
performance degradation.