KeePassRDP KeePassRDP
winget install --id=KeePassRDP.KeePassRDP -e KeePassRDP is a plugin for KeePass 2.x that adds useful options to connect to the URL of an entry with RDP.
KeePassRDP is a plugin for KeePass 2.x designed to enhance remote desktop protocol (RDP) connectivity by adding useful options to connect to the URL of an entry directly. It simplifies managing and connecting to RDP resources within KeePass, streamlining workflows for users who frequently access remote systems.
Key Features:
- Connect to hosts via RDP with support for admin sessions using
mstsc.exeparameters. - Automatically manage credentials in the Windows credential manager for secure access.
- Configurable keyboard shortcuts and context menu items for quick access.
- Customizable credential picker dialog and per-entry settings for tailored workflows.
- Support for advanced features like session shadowing, DPI scaling, and secure desktop modes.
- Integration with winget for easy installation via
winget install KeePassRDP.KeePassRDP.
Audience & Benefit:
Ideal for system administrators, IT professionals, and managed service providers (MSPs) who need to securely manage multiple RDP connections. KeePassRDP enhances productivity by automating credential handling, reducing manual steps, and offering customizable tools to suit specific workflows. Its secure credential management ensures compliance with best practices while maintaining efficiency in remote access operations.
README
KeePassRDP
Overview
KeePassRDP is a plugin for KeePass 2.x that adds useful options to connect to the URL of an entry with RDP.
Installation
- Run the msi setup, self-extracting exe or unzip (and copy) the KeePassRDP.plgx file to your KeePass plugins folder.
(e.g. %ProgramFiles%\KeePass Password Safe 2\Plugins) - Start KeePass and enjoy using KeePassRDP.
:zap: Also available from winget:
> winget install KeePassRDP.KeePassRDP
Usage
To connect to target computers using RDP select one or multiple entries containing the IP-address(es) or hostname(s), right-click and select KeePassRDP > Open RDP connection (or simply press CTRL + M).
A selection dialog will be shown when multiple credentials are found. To use one of the other connection options select the corresponding item from the context menu, or press the configurable keyboard shortcut.
Features
- Connect to host via RDP
- Connect to host via RDP admin session (
mstsc.exe /adminparameter) - Support for
mstsc.exeparameters (/f,/span,/multimon,/w,/h,/public,/restrictedAdmin,/remoteGuard) - Select from matching (Windows or domain) credentials when target entry is inside configurable trigger group (see below)
- Automatic adding and removing of credentials to and from the Windows credential manager (how it works)
- Configurable keyboard shortcuts
- Configurable context menu
- Configurable toolbar items
- Configurable credential lifetime
- Customizable credential picker
- Customizable per entry settings
- General automatization helpers
- Support for advanced settings through .rdp files
- Support for self-signing of .rdp files
- :new: Support for session shadowing
- :new: Support for secure desktop
- Support for DPI-scaling
- Made with :heart: and :pizza:
Languages
See how to translate.
Documentation
How we use KeePassRDP on a daily basis (I work for an MSP where KeePass securely stores credentials for accessing customer domains and computers).
Trigger group / folder
The KeePass database could be structured like this, where each group contains entries for a specific customer:
>
>
>If there is only one jumphost or something similiar, we usually place a single entry including the credentials directly into the customer group:
>
>
>When a customer has more hosts and/or requires multiple accounts, we create a subgroup named RDP (trigger group) inside the customer group:
>
>
>The name of the trigger group can be configured from within the KeePassRDP options form (since v2.0).Entries in subgroups of the "RDP" group will trigger by default, too (since v2.3).
Afterwards entries for target hosts can be added to the trigger group:
>
>
>When using the entries matching credentials are searched from the parent (customer) group (by default they will be looked up recursively within all subgroups):
>
>
>Ignoring entries can be toggled in the KeePassRDP context menu (since v1.9.0) or from the toolbar (since v2.0).
Select one or more entries in the RDP group, press CTRL + M and KeePassRDP will show a dialog with filtered account entries (matching titles against a configurable regular expression, e.g. domain-admin, local user, ...) to connect to target hosts (using credentials).
>
>
>Finally just choose the credential you want to use and click GO (or press Enter).
Individual entry settings can be set from the KeePassRDP tab on the edit entry form (since v2.0).
>
>
>Advanced settings can be configured through .rdp files (since v2.1).
>
>
>Keyboard shortcuts
Fully configurable from within the KeePassRDP options form.
>
>
>Context menu / toolbar items
Visibility of items is configurable from within the KeePassRDP options form.
>
>
>Credential picker
Customizable from within the KeePassRDP options form.
>
>
>
>
>Automatization helpers
Can be activated from within the KeePassRDP options form.
>
>
>A certificate for signing .rdp files can be selected or generated (self-signed) on the same page.
>
>
>Session shadowing
KeePassRDP can be used to manage and shadow sessions on remote desktop/terminal servers.
>
>
>Secure desktop
Both of credential picker and executable can be configured to run on an isolated desktop, preventing global keyboard and mouse hooks (keyloggers) from capturing the input.
:safety_vest: Running the executable in a secure desktop is experimental.
An additional toolbar is displayed when the secure desktop is in use.
>
>
>:bulb: Clipboard content is shared throughout a window station, so it could still be read by malicious software.
How it works
The plugin basically calls the default mstsc.exe with the /v: (and optionally other) parameter(s) to connect.
Opening a connection with credentials will save the selected credential(s) into the Windows credential manager ("vault") for access by the mstsc.exe process.
The credential(s) will then be removed depending on how KeePassRDP is configured.
When using .rdp files a temporary file is created and removed after the mstsc.exe process exits.
Credential lifetime
Configurable from within the KeePassRDP options form.
>
>
>Translate
You can use Resources.de.resx as a starting point.
- Copy and rename the file according to the language you are translating into (e.g. KeePassRDP.es-ES.resx for spanish).
- Translate as much as wanted.
- Create a binary resource file from the ResX template by running the following in a VS Developer Command Prompt:
> resgen.exe KeePassRDP.es-ES.resx
- Copy the generated
KeePassRDP.es-ES.resourcesfile to%AppData%\KeePass. - Please share your progress with the KeePassRDP community :heart:.
:bulb: This also allows overwriting of all (translatable) built-in strings.
Silent extraction
The following example will extract the .plgx file and overwrite it in the target folder:
> KeePassRDP_v2.3.exe /Q:A /C /T:"%ProgramFiles%\KeePass Password Safe 2\Plugins"
When using the msi setup, the installation directory is determined automatically:
> KeePassRDP_v2.3.msi /qb
:bulb: Writing into %ProgramFiles% usually requires administrator privileges. The msi setup requests elevation if necessary.
Building instructions
Just clone the repository:
> git clone https://github.com/iSnackyCracky/KeePassRDP.git
Open the solution file (KeePassRDP.sln) with Visual Studio (2022) and build the KeePassRDP project:
>
>
>You should get ready-to-use .plgx, .zip, and .exe files like the ones from the releases. To get an msi file build the KeePassRDPSetup project.
:bulb: Remember to place a copy of KeePass.exe in the KeePass folder before building.
Third-party software
KeePassRDP makes use of the following third-party libraries:
- the awesome Json.NET by James Newton-King
- the awesome PLGX Build Tasks by Walter Goodwin
- the awesome WixSharp by Oleg Shilo
- Visual Studio 2022 Image Library by Microsoft