KeePass Help Center KeePass Home | Downloads | Translations | Plugins | Donate 
Help Center Home | Forums | Awards | Links 







URL Field

The URL field supports various special protocols and placeholders.
Usage Tips & Tricks:

Standard Capabilities

The URL field can execute any valid URL for which a protocol handler is defined. On most systems at least the http://, https://, ftp:// and mailto: protocols are defined. KeePass supports all protocols that Windows supports.

For example, if you globally (i.e. using the Windows Explorer) register PuTTY for ssh:// URLs, KeePass will automatically use PuTTY for ssh:// URLs, too.


Executing Command Lines

Instead of a URL, you can also execute command lines using the URL field. To tell KeePass that the line you entered is a command line, prefix it using cmd://. For example if you would like to execute Notepad, your URL could look like this:

cmd://C:\Windows\Notepad.exe C:\Test\MyTestFile.txt

The virtual cmd:// protocol also supports parameters for executable files, in contrast to the file:// protocol. This was the main reason why cmd:// was introduced; with file:// you aren't able to pass any parameters to started applications. Use the cmd:// protocol instead.

The paths for the cmd:// protocol don't need to be encoded. For example, you do not have to replace space characters by %20, as it is normally required for other URLs. KeePass just cuts away the cmd:// virtual protocol prefix and passes the remaining command line to the system.

If the file path contains spaces, you must enclose it in quotes (").

Environment Variables:
System environment variables are supported. The name of the variable must be enclosed in '%' characters. For example %TEMP% is replaced by the user's temporary path.

UNC Paths:
Windows-style UNC paths (starting with \\) are directly supported, i.e. they do not need to be prefixed with cmd://.

Double Quotes (") and Backslashes (\):
There are multiple rule sets for parsing command lines (SHELLEXECUTEINFOW structure, CommandLineToArgvW function, main function and command line arguments, etc.). These rule sets are contradictory; command lines are interpreted differently. For example, in the SHELLEXECUTEINFOW structure documentation, backslashes have no special meaning, whereas the CommandLineToArgvW function sometimes interprets a backslash as an escape character. Another example: A"""B C"""D is interpreted as one argument (namely A"B C"D) by the Microsoft C/C++ startup code (main function), whereas the CommandLineToArgvW function returns two arguments (namely A"B and C"D). KeePass cannot know how the executed application will interpret its command line, and there is no command line encoding that is interpreted as intended by all applications. Therefore, we recommend:

  • Use double quotes (") only to indicate the start and the end of the file path or of an argument. Do not use a quote in data that requires encoding. For example, if your command line contains a {PASSWORD} placeholder, the password should not contain a quote.
  • Use a backslash only when the next character is not a quote, i.e. avoid \". Especially, avoid data ending with a backslash if a quote follows on the command line. For example, if the command line contains an argument like -pw:"{PASSWORD}", the password should not end with a backslash, because otherwise the placeholder replacement results in the problematic \" sequence.

Unix-like Systems:
On Unix-like systems, KeePass assumes that double quotes (") and backslashes (\) must be encoded. Furthermore, KeePass assumes that single quotes (') only occur in contexts where they must not be encoded (e.g. within double quotes). So, if any of your arguments may contain a single quote, you have to ensure that it occurs within such a context. On Windows, this is irrelevant, as single quotes do not have a special meaning here.


Placeholders

In the URL field, you can use several placeholders that will get automatically replaced when the URL is executed. For example:

https://www.example.com/default.php?user={USERNAME}&pass={PASSWORD}

For this entry, KeePass will replace {USERNAME} by the data of the username field and {PASSWORD} by the data in the password field when you execute the link.

For a complete list of supported placeholders, see the page Placeholders.

Also note that the special placeholders are supported, too. For example, the {APPDIR} placeholder is replaced by the application directory path of the currently running KeePass instance. It's the absolute path of the directory containing the KeePass executable, without a trailing backslash. If you would like to start a new KeePass instance, you could set the URL to:

cmd://"{APPDIR}\KeePass.exe"

To use different browsers for entries, you can use URLs like the following:
cmd://{INTERNETEXPLORER} "https://www.example.com/"
cmd://{FIREFOX} "https://www.example.com/"
cmd://{OPERA} "https://www.example.com/"
cmd://{GOOGLECHROME} "https://www.example.com/"
cmd://{SAFARI} "https://www.example.com/"
The browser placeholder will be replaced by the browser's executable path (if the browser is installed).


Changing the URL Handler (URL Override)


KeePass 1.x Only

The URL field behavior can be overridden individually for each entry using the Notes field. This allows you to execute a specific URL, while still using the URL field to (only) store data.
Simply enter Url-Override: followed by the command line you require into the notes field. When double-clicking the URL field of the entry in the main window, the specified command line (in the notes field) will be run.

Using a different browser:
If your default browser is Firefox and you want to open a specific site with Internet Explorer, add the following to the Notes field:

Url-Override: cmd://{INTERNETEXPLORER} "{URL}"

KeePass will open Internet Explorer and pass the data from the URL field as the parameter. This uses a placeholder to find Internet Explorer.

Globally changing the URL behavior:
If you want to change the default URL action (i.e. for all URLs), you can add a KeeUrlOverride line to the KeePass.ini file.


KeePass 2.x Only

The URL field behavior can be overridden individually for each entry using the field 'Override URL' (tab 'Properties' in the entry dialog). This allows you to execute a specific URL, while still using the URL field to (only) store data. When double-clicking the URL field of the entry in the main window, the specified command line (in the URL override field) will be run.

Using a different browser:
If your default browser is Firefox and you want to open a specific site with Internet Explorer, specify the following in the URL override field:

cmd://{INTERNETEXPLORER} "{URL}"

KeePass will open Internet Explorer and pass the data from the URL field as the parameter. This uses a placeholder to find Internet Explorer.

Globally changing the URL behavior:
If you want to change the default URL action for a URL scheme (e.g. http://, https:// or ftp://), you can define a URL scheme override in 'Tools' → 'Options' → tab 'Integration' → 'URL Overrides'. This for example allows to specify a browser as default for websites (in the dialog you can find several overrides for browsers like Internet Explorer, Mozilla Firefox, Opera and Google Chrome).

URL scheme overrides can also be used to define new protocols. For example, if you want to define a protocol kdbx:// that opens another KeePass database, specify the following as override for the kdbx scheme (on Windows):
cmd://"{APPDIR}\KeePass.exe" "{BASE:RMVSCM}" -pw-enc:"{PASSWORD_ENC}"
On Unix-like systems (Mono):
cmd://mono "{APPDIR}/KeePass.exe" "{BASE:RMVSCM}" -pw-enc:"{PASSWORD_ENC}"
If an entry now has a URL looking like kdbx://PathToYourDatabase.kdbx and the master password for this database in the password field, double-clicking the URL of the entry in the main window opens the other database. The -pw-enc command line parameter and the {PASSWORD_ENC} placeholder allow passing the master password of the other database in encrypted form, i.e. process monitors and similar utilities aren't be able to read the master password.



Starting RDP/TS Sessions

You can use the URL field of entries and the virtual cmd:// protocol to start remote desktop connections.

For this, enter the following in the URL field of an entry:

cmd://mstsc.exe

When you now double-click the URL field of the entry in the main window, a Windows remote desktop connection is initiated.

MSTSC is the Windows terminal server connection program (remote desktop connection). You can pass a path to an existing RDP file to the program to open it. For example, the following URL opens the specified RDP file:

cmd://mstsc.exe "C:\My Files\Connection.rdp"

MSTSC also supports several command line options:

  • /v:<Server[:Port]>
    Defines the terminal server to connect to.
  • /console
    Connects to the terminal session of the server.
  • /f
    Starts the client in full screen mode.
  • /w:<Width>
    Defines the width of the remote desktop screen.
  • /h:<Height>
    Defines the height of the remote desktop screen.
  • /edit
    Opens the specified RDP file for editing.
  • /migrate
    Migrates old connection files to new RDP files.

Executing Built-In Shell Commands

The URL field can be used to start applications/documents and URLs. If you want to execute a built-in shell command, like COPY for example, this however doesn't work directly, because there is no COPY.EXE (in Windows 9x times there actually was one, but on all modern Windows operating systems these commands are built-in to the command line window).

In order to execute built-in shell commands, you need to pass them to the command line interpreter cmd.exe.

For the COPY command you would specify cmd.exe as executable file and /C COPY from to as arguments (where 'from' and 'to' are paths). The /C parameter tells cmd.exe to execute the command line that follows.

In the URL field, your URL would look like the following:
cmd://cmd.exe /C COPY from to
In other locations, like command lines in the trigger system, you can leave out the cmd:// URL prefix.





Get KeePass