KeePass Help Center KeePass Home | Downloads | Translations | Plugins | Donate 
Help Center Home | Forums | Awards | Links 

Customization (2.x)

KeePass 2.x features various options for network administrators to customize the program's appearance and behavior.


Most options below are configured by directly editing the KeePass.config.xml configuration file. If you're planning to deploy a customized KeePass version, you should fully understand the KeePass configuration system, especially how to enforce some settings and leave others up to users.

Note that KeePass features a rich plugin framework. If there's no item in the XML file to configure what you're thinking about, you might want to write a plugin.

Minimum Master Password Requirements

You can specify several properties that master passwords must have in order to be accepted (length, estimated quality, ...). See Specifying Minimum Master Password Properties.

Specifying UI Element States

The state (enabled, disabled, visible, hidden) of several user interface (UI) elements can be specified using the UIFlags value of the UI node in the configuration file. This can be a bitwise combination of one or more of the following flags:

Flag (Hex)Flag (Dec) Description
0x00 Don't force any states (default).
0x11 Disable 'Tools' → 'Options' menu item.
0x22 Disable 'Tools' → 'Plugins' menu item.
0x44 Disable 'Tools' → 'Triggers' menu item.
0x88 Disable controls to specify after how many days the master key should/must be changed.
0x1016 Hide password quality progress bars and information labels.
0x2032 Disable 'Help' → 'Check for Updates' menu item.
0x4064 Disable 'Tools' → 'Database Tools' → 'XML Replace' menu item.
0x80128 Disable 'File' → 'Database Settings' menu item.
0x1000065536 Hide built-in profiles in the password generator context menu of the entry editing dialog.
0x20000131072 Show UI elements related to last access times.
Note: Databases are not marked as modified when a last access time changes. Thus, when only last access times are changed and the user closes the database (without saving manually first and without a save forced e.g. by a trigger or plugin), the changes to the last access times are lost.
0x40000262144 Do not display information dialogs when creating a new database.
0x80000524288 Do not display auto-type obfuscation compatibility information dialogs.
0x1000001048576 Do not clear the quick search terms list when closing/locking a database.
Note: Even if this flag is set, the list is cleared when exiting KeePass. If you frequently perform the same searches, consider using tags or search profiles.
0x2000002097152 Enable the Input Method Editor (IME) on secure desktops.
Warning This can result in problems (black screen, IME/CTF process with high CPU usage, ...). See 'Why does the Input Method Editor (IME) not work?'.
0x4000004194304 Automatically adjust weak key transformation settings to the current default values, without a warning/confirmation dialog. If this UIFlags bit is set, the option 'Show warning when the key transformation settings are weak' (which is activated by default) has no effect. When adjusting the key transformation settings, the database is marked as modified.

The value of UIFlags must be specified in decimal notation.

For example, if you want to disable the 'Options' and 'Check for Updates' menu items, you'd specify 33 as value for the UIFlags node (0x1 + 0x20 = 1 + 32 = 33).

More Options

  • Configuration/Application/ConfigSave:
    If this option is set to false, KeePass does not save any configuration settings (i.e. the configuration is loaded normally, but changes to it are discarded when exiting KeePass).
  • Configuration/Application/ExpirySoonDays:
    Specifies the number of days within which entries are considered to expire "soon". The default value is 7.
  • Configuration/Application/HelpUrl:
    Specifies the URL that is opened for a help page. This overrides all other help sources (local and online). Spr-compiled; the relative help page path is inserted by {BASE}. This element is used only if it is stored in the enforced configuration file.
  • Configuration/Defaults/WinFavsBaseFolderName:
    For the 'Windows Favorites' export: name of the root folder; the default value is 'KeePass'.
  • Configuration/Defaults/WinFavsFileNamePrefix:
    For the 'Windows Favorites' export: prefix for the title of every favorite; the default value is an empty string.
  • Configuration/Defaults/WinFavsFileNameSuffix:
    For the 'Windows Favorites' export: suffix for the title of every favorite; the default value is an empty string.
  • Configuration/Integration/AutoTypeInterKeyDelay:
    Specifies the default delay (in ms) between two keypresses sent by auto-type. The minimum is 1 ms. Note that very small delays may result in target applications not being able to process the keypresses correctly.
  • Configuration/Integration/AutoTypeAbortOnWindows:
    This node may contain one or more Window nodes that specify disallowed auto-type target windows (the value of each node must be a target window filter).

    For example, the following configuration disallows auto-typing into WordPad and LibreOffice Writer:

        <Window>* - WordPad</Window>
        <Window>* - LibreOffice Writer</Window>
  • Configuration/Security/MasterKeyTries:
    Specifies how often the master key dialog appears when entering incorrect master keys. The default value is 3.
  • Configuration/Security/ProtectProcessWithDacl:
    If this option is set to true, KeePass protects its process with a discretionary access control list (DACL).
    Warning Please note that this also blocks legitimate other software (accessibility-related tools like Windows Narrator, other security products like anti-virus programs or firewalls, tools providing user interface enhancements, etc.) from working with KeePass. Furthermore, various problems like application hangs, exceptions and crashes may occur. Therefore, this option is turned off by default and can only be turned on by manually editing the configuration file. It only works reasonably in very specific, limited usage scenarios and is not recommended for most users.
    This option works on Windows only and requires the KeePassLibC DLL (included in default installations and packages).
  • Configuration/UI/TrayIcon/ShowOnlyIfTrayedEx:
    If this option is set to true, the KeePass icon in the system tray is displayed only if the main window has been minimized to the tray.
    Warning Turning on this option can result in denial-of-service problems. If you want to hide the KeePass icon, it is recommended to configure this in the system settings instead; see 'Customize the taskbar notification area'.

Get KeePass