Welcome

Please find below a complete guide on how to make KeePassXC and Librewolf (w/KeePassXC browser extension) work together.

This was unexpectedly painful but hopefully this saves you the ~7 hours it took me to get all of this working!

Credit where credit is due

Steps 1-6 are thanks to this link (will update, cannot find it right now) and steps 7-8 are thanks to this link (this is for Firefox but goes into autistic detail).

1) Flatpak apps

Ensure that both LibreWolf and KeePassXC are installed using flatpak. Ensure that they are up to date by using flatpak update, also.

2) Create native-messaging-hosts dir

mkdir -p ~/.librewolf/native-messaging-hosts`

3) Install Rust KeePassXC proxy binary

mkdir -p /tmp/kpxcp

cd /tmp/kpxcp

wget https://github.com/varjolintu/keepassxc-proxy-rust/archive/refs/heads/master.zip

unzip master.zip

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

rustup target add x86_64-unknown-linux-musl

cd keepassxc-proxy-rust-master/

RUSTFLAGS='-C link-args=-s' cargo build --release --target x86_64-unknwon-linux-musl

cp target/x86_64-unknown-linux-musl/release/keepassxc-proxy ~/.librewolf/native-messaging-hosts/

4) Tell Librewolf to use the proxy

cd ~/.librewolf/native-messaging-hosts/

nano org.keepassxc.keepassxc_browser.json

Pase the following into it, make sure to replace the REPLACE_WITH_USERNAME with you user.

{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ]],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/**REPLACE_WITH_USERNAME**/.librewolf/native-messaging-hosts/keepassxc-proxy",
    "type": "stdio"
}

5) Configure flatpak permissions

To do so nice and easily, we will installa  GUI application for this.

flatpak install flathub com.github.tchx84.Flatseal

Once installed, run Flatseal and...

Add the following line(s) to KeePassXC:

    Filesystem:
        ~/.librewolf/native-messaging-hosts:ro

Add the following line(s) to Librewolf:

    Filesystem:
        ~/.librewolf/native-messaging-hosts:ro
        xdg-run/app/org.keepassxc.KeePassXC:ro

We give KeePassXC read-only permissions so that it doesn't overwrite the path of the proxy to something that doesn't work (why does it do this?).

Sometimes when you launch KeePassXC you may see an error saying 'Could not save the native messaging script file for custom.' but just ignore it it doesn't matter.

6) KeePassXC

In KeePassXC, go to Settings -> Browser Integration

In the General tab:

• Check `Firefox`

In the Advanced tab:

• Check `Use a custom browser configuration location`
• Select `Firefox` as `Browser type`
• Give `~/.librewolf/native-messaing-hosts` as `Config location`

Also in Settings -> General, be sure to tick `Automatically launch KeePassXC at startup` as this ensures that the socket is created before the browser extension tries to access it. Alternatively, just make sure you start KeePassXC before you open Librewolf.

7) Allow Librewolf to access the socket

This is easy. Just run:

sudo flatpak override --filesystem=xdg-run/kpxc_server:ro io:gitlab:librewolf-community

8) Expose KeePassXC socket

mkdir -r ~/.local/share/user-tmpfiles.d

Place this file in the above directory. Now reboot your system and it should work!