KeePass Help Center KeePass Home | Downloads | Translations | Plugins | Donate 
Help Center Home | Forums | Awards | Links 

Plugins (2.x)

Installation, uninstallation and security of KeePass 2.x plugins.


KeePass features a plugin framework. Plugins can provide additional functionality, like support of more file formats for import/export, network functionalities, backup features, etc.

Online Resources

Plugins can be found on the Plugins page.

Plugin Installation and Uninstallation

If there are no explicit instructions how to install the plugin, follow these steps:

  1. Download the plugin from the page above and unpack the ZIP file to a new folder.
  2. In KeePass, click 'Tools' → 'Plugins' → button 'Open Folder'; KeePass now opens a folder called 'Plugins'. Move the new folder (containing the plugin files) into the 'Plugins' folder.
  3. Restart KeePass in order to load the new plugin.

To uninstall a plugin, delete the plugin files.

On some Linux systems, the mono-complete package may be required for plugins to work properly.

PLGX plugins are compiled by KeePass and the generated files are stored in a plugin cache, which by default is located in the user's application data directory (so, running a PLGX plugin by default creates files outside the KeePass application directory). These plugin cache files do not need to be copied to other systems though, because they are generated on each system and do not contain any user data.


What about the security of plugins? Can't malicious plugins 'inject' themselves into KeePass?

If plugins can register themselves (i.e. have write access to the KeePass directory), they could also just replace the whole 'KeePass.exe' file. It's a problem of file access rights, not the plugin system.

If you worry about this, install KeePass as administrator into the program files directory (which is the default, typically in a folder in 'C:\Program Files'). Afterwards, run KeePass and other applications only as normal user (without administrator privileges).

This solves the problem above. As the KeePass directory is write-protected for normal users, no other program can copy files into it. KeePass requires the plugins to be in the application directory. Therefore, plugins cannot inject themselves anymore.

If you use the portable package of KeePass or installed it into a different directory, you need to adjust the directory permissions yourself.

Plugin Cache

PLGX plugins are compiled and stored in a plugin cache directory on the user's system. This cache highly improves the startup performance of KeePass. Old files are normally deleted from the cache automatically (this can be disabled in the plugins dialog). The cache does not contain any user data.

By default, the plugin cache is located in the user's application data directory. However, this can be overridden using the Application/PluginCachePath setting in the configuration file (this setting supports placeholders and environment variables). So, if you're for example using KeePass on a portable device and don't want the cache to be on the system, you could set the path to {APPDIR}\PluginCache.

Warning Do not relocate the plugin cache into the 'Plugins' folder of the KeePass application directory, because this can result in a severe performance degradation.

Get KeePass