A couple of weeks ago, PerlTricks ran a little article on using KeePass (as a file format) to secure your data, which prompted me to dust off and finish some code I'd started sometime last year.
The problem with using File::KeePass (as astoundingly fantastic as it is!) is that the point of using KeePass in the first place is to keep you from having to see passwords at all (once you've started the KeePass utility and logged into it, anyway). If you want to use KeePass to store a username/password pair to pass to LWP (say), though, you've got a problem - you still need to enter your KeePass password to decrypt the database.
There is actually a plugin to deal with this: KeePassRest provides a limited SSL/REST API against the currently running KeePass utility instance. In other words, once you've entered your master password, KeePassRest allows you to retrieve secret information programmatically without any confidential information being in your script or program at all. It was developed by the SmartFTP people to provide just this service for SmartFTP. (FileZilla, for example, keeps your stored FTP passwords in a plain-text XML file, which is mildly alarming.)
Anyway, I'd written half the code needed to hit KeePassRest on the local machine from Perl, and so I dusted it off, polished it up, finished it, and posted it to CPAN for you: I present WWW::KeePassRest.
Now you can just do this:
use LWP; use WWW::KeePassRest; use strict; my $url = 'http://somesite.com/aa/bb/cc.html'; my $browser = LWP::UserAgent->new('Mozilla'); $browser->credentials("somesite.com:80", "Realm", WWW:::KeePassRest->get_by_title('Some site credentials', 'UserName', 'Password')); my $response=$browser->get($url);
If KeePass is running, you get your site; if not, it dies with an appropriate message.
No more passwords in your code. I'd welcome any comments - no doubt I've screwed up half a dozen things before breakfast, but overall I'm pretty happy with it.
I wrote a longer article about various background information and what motivated the code and such, over here at my site.
Leave a comment