KeePassium 1.41 released

KeePassium 1.41 adds database printing, extends support for field references, and improves compatibility with TOTP codes configured by KeePass.

Database printing

Sometimes it is useful to have a physical copy of your passwords. With the new printing feature, you can now easily print your passwords for safekeeping and easy reference.

Database print dialog
Database print dialog

To use this feature, unlock your database and tap the “Print” button at the bottom of the screen. KeePassium will generate a structured PDF document with the hierarchy of groups and entries, including usernames, passwords, notes and custom fields. You can then either export the document or print it directly from your device.

Field placeholders

Back in 2020, KeePassium added support for entry field references, where a specially formatted text would be replaced with a field value from another entry. The current release extends this with simplified references to fields within the same entry (“placeholders” in KeePass terms).

Specifically, an entry field that contains text like {S:Password} would be automatically replaced with the entry’s password. If later you change the password field, all the references will be updated automatically. This method works with all the standard fields (Title, Username, Password, URL, Notes), and custom fields, too (just use {S:Your field name}).

Admittedly, this is a rather niche feature, but we prioritized it for a good reason:

Interoperability with KeePass-defined TOTP codes

Some KeePass users noticed that one-time passwords (OTP) configured in KeePass don’t show up in KeePassium, and vice versa.

There is a long and boring story behind this, but we’ll keep it brief here. KeePass had added TOTP support later than most mobile apps. By that time, there were three well-established formats for storing TOTP settings (KeePassium supports all three). Unfortunately, KeePass deemed the existing standards fatally flawed and introduced its own format, incompatible with any other app at the time.

As a result, most apps and services today define OTP settings using the otpauth URI format. This is what’s encoded in QR codes shown by various services during 2FA setup. In turn, KeePass stores OTP settings as a collection of fields named TimeOtp-… and ignores any other formats.

Now for the good news. Starting from today, we can bridge the gap using field placeholders. For every entry with the TimeOtp- fields, create an extra field named otp and set its value to otpauth://totp/?secret={S:TimeOtp-Secret-Base32}. This way, TOTP settings stored by KeePass would be recognized and properly handled by KeePassium and KeePassXC:

TOTP compatibility using field placeholders. TOTP compatibility using field placeholders.
TOTP compatibility using field placeholders.

Full KeePassium 1.41 changelog