Password managers
Set up XPipe to retrieve passwords from an external password manager
Introduction
Via the available password manager integrations, you can configure XPipe to retrieve passwords from your locally installed password manager. That way, XPipe doesn't have to store any secrets itself, they are only queried at runtime.
You can enable this in the settings menu:
There are various different integrations available for many popular password managers. You can find the setup instructions on this page.
1Password
The 1Password integration requires you to first install the 1Password CLI and add it to the PATH. This executable is not included in the normal 1Password installation, so you will have to install it manually.
Once the op command is set up, you can instantly use it from XPipe. You will have to confirm the first access request to the vault, but afterwards it works automatically without user input:
1Password requires the password references to be in a very specific format. For more information, see the 1Password docs. In short, any secret you reference from XPipe has to have the form of op://<vault>/<item>/<field>, so for example op://personal/myitem/password.
KeePassXC
The KeePassXC integration works over the KeePassXC browser extension interface, meaning that it will handle it the same way as the KeePassXC browser extensions if you have them installed. For this to work, you first have to enable the browser integration in KeePassXC at Tools -> Settings:
Then, upon the first request from XPipe, you should be prompted to allow XPipe to access your database, assuming that it is unlocked:
If you confirm this, XPipe will be able to retrieve passwords from KeePassXC.
Note that since XPipe uses the browser integration, XPipe can only access entries by their URL, not their name. Any entry has to be referenced by the URL field. In practice, the URL field doesn't have to be a valid URL; any name will also suffice.
Bitwarden
The Bitwarden integration requires you to first install the Bitwarden CLI and add it to the PATH. This executable is not included in the normal Bitwarden installation, so you will have to install it manually.
Once the bw command is set up, you will first have to log in initially via bw login or via a different command, depending on which authentication method to use. For more information, see the Bitwarden docs.
If you are logged in, XPipe will be able to unlock the vault. For that, XPipe will initially prompt for the master password when Bitwarden is first used during a session:
Then, XPipe will be able to retrieve passwords from Bitwarden during the session using the entry's item name.
Dashlane
The Dashlane integration requires you to first install the Dashlane CLI and add it to the PATH. This executable is not included in the normal Dashlane installation, so you will have to install it manually.
Once the dcli command is set up, you will first have to log in initially when XPipe first calls the command.
Then, XPipe will be able to retrieve passwords from Dashlane during the session using the entry's item name.
Keeper
The Keeper integration requires you to first install the Keeper Commander CLI and add it to the PATH. This executable is not included in the normal Keeper installation, so you will have to install it manually.
Once the keeper command is set up, you will first have to log in initially when XPipe first calls the command.
If you are logged in, XPipe will be able to unlock the vault. For that, XPipe will initially prompt for the master password when Keeper is first used during a session.
Then, XPipe will be able to retrieve passwords from Keeper during the session using the record's UID, which you will have to look up for an entry first:
LastPass
The LastPass integration requires you to first install the LastPass CLI and add it to the PATH. This executable is not included in the normal LastPass installation, so you will have to install it manually.
Once the lpass command is set up, you will first have to log in initially when XPipe first calls the command.
Then, XPipe will be able to retrieve passwords from LastPass during the session using the case-sensitive entry name.
Enpass
The Enpass integration requires you to first install the community-made Enpass CLI and add it to the PATH. This executable is not included in the normal Enpass installation, so you will have to install it manually.
Once the enpass-cli command is set up, you will have to locate your vault.json file. You can find this file at Enpass Settings -> Advanced -> Data location.
XPipe will initially prompt for the master password when Enpass is first used during a session. Then, XPipe will be able to retrieve passwords from Enpass during the session using the entry's item name.
Psono
The Psono integration requires you to first install the Psono CLI and add it to the PATH.
Once the psonoci command is set up, you will have to enter the data of an API key. You can read about how to create one here.
You need the API key ID, API key secret key, and server URL from the API key page:
Once you have entered them in the XPipe settings menu, you need to obtain the secret ID for every associated secret. You can associate secrets with this API key in the secrets tab on the same page:
Only secrets that are added to the API key can be queried. The secret ID is specific to an API key, so you can only obtain it from this page.
Windows credential manager
On Windows, you have access to the Windows credential manager. XPipe can retrieve passwords from it by referencing the credential name.
Custom command
If you are using a password manager solution that is not supported by a dedicated integration, there's still the option of specifying a custom command to run to retrieve passwords.
The idea is to specify a command template using the placeholder $KEY, which will be replaced by the password reference key. For example, supplying the command mypassmgr get $KEY will be replaced with mypassmgr get "sample-login" by XPipe when the command executed. Any kind of shell command syntax is supported, including features like pipes, redirects, multiline commands, and more.
An important aspect to consider when using a custom command is that XPipe can't supply any user inputs like a vault password when using it. This means that if your password manager CLI requires the user to enter some form of unlock password, it won't work. The command will not finish and that case and stays stuck. You might be able to work around this limitation by handling the password input either via some form of file or an askpass tool.