Skip to content

Commit 25e292e

Browse files
author
Antonio Fragola
committed
fully integrated keepass conversion in docker compose
1 parent 61d7c46 commit 25e292e

File tree

9 files changed

+185
-60
lines changed

9 files changed

+185
-60
lines changed

Dockerfile

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -55,11 +55,14 @@ RUN set -e; \
5555
# Copy the binary
5656
COPY --from=builder /src/build/lpass /usr/local/bin/lpass
5757

58-
# Copy contrib folder with all scripts
59-
COPY contrib/ /usr/local/share/lastpass-cli/contrib/
58+
# Copy only the two needed scripts to /usr/local/bin and make them executable
59+
COPY contrib/lastpass-json-to-keepass.sh /usr/local/bin/lastpass-json-to-keepass.sh
60+
COPY contrib/lpass-att-export.sh /usr/local/bin/lpass-att-export.sh
61+
COPY keepass/entrypoint.sh /usr/local/bin/entrypoint.sh
62+
RUN chmod +x /usr/local/bin/*.sh
6063

61-
# Make scripts executable
62-
RUN find /usr/local/share/lastpass-cli/contrib -name "*.sh" -exec chmod +x {} \;
64+
# Copy custom certificates and etc structure from root/etc to image root
65+
COPY keepass/root/etc /etc
6366

6467
# Create directories for volume mounts
6568
RUN mkdir -p /backup /output /logs /data

contrib/lastpass-json-to-keepass.sh

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -342,20 +342,20 @@ EXPORT_ENTRY="Imported/EXPORT-LASTPASS"
342342
printf "%s\n" "$KP_PASS" | keepassxc-cli add "$KDBX_FILE" "$EXPORT_ENTRY" --notes "Backup LastPass export files (json, csv, attachments tgz)" >> "$DEBUG_LOG" 2>&1
343343

344344
# Aggiungi il file JSON
345-
if [ -f "backup/lastpass-backup.json" ]; then
346-
printf "%s\n" "$KP_PASS" | keepassxc-cli attachment-import "$KDBX_FILE" "$EXPORT_ENTRY" "lastpass-backup.json" "backup/lastpass-backup.json" >> "$DEBUG_LOG" 2>&1
345+
if [ -f "/backup/lastpass-backup.json" ]; then
346+
printf "%s\n" "$KP_PASS" | keepassxc-cli attachment-import "$KDBX_FILE" "$EXPORT_ENTRY" "lastpass-backup.json" "/backup/lastpass-backup.json" >> "$DEBUG_LOG" 2>&1
347347
fi
348348
# Aggiungi il file CSV se esiste
349-
if [ -f "backup/lastpass-backup.csv" ]; then
350-
printf "%s\n" "$KP_PASS" | keepassxc-cli attachment-import "$KDBX_FILE" "$EXPORT_ENTRY" "lastpass-backup.csv" "backup/lastpass-backup.csv" >> "$DEBUG_LOG" 2>&1
349+
if [ -f "/backup/lastpass-backup.csv" ]; then
350+
printf "%s\n" "$KP_PASS" | keepassxc-cli attachment-import "$KDBX_FILE" "$EXPORT_ENTRY" "lastpass-backup.csv" "/backup/lastpass-backup.csv" >> "$DEBUG_LOG" 2>&1
351351
fi
352352
# Aggiungi il file LOG se esiste
353-
if [ -f "backup/backup-debug.log" ]; then
354-
printf "%s\n" "$KP_PASS" | keepassxc-cli attachment-import "$KDBX_FILE" "$EXPORT_ENTRY" "backup-debug.log" "backup/lbackup-debug.log" >> "$DEBUG_LOG" 2>&1
353+
if [ -f "/backup/backup-debug.log" ]; then
354+
printf "%s\n" "$KP_PASS" | keepassxc-cli attachment-import "$KDBX_FILE" "$EXPORT_ENTRY" "backup-debug.log" "/backup/backup-debug.log" >> "$DEBUG_LOG" 2>&1
355355
fi
356356
# Crea tgz della cartella attachments escludendo file MacOS
357-
if [ -d "backup/attachments" ]; then
358-
tar --exclude='._*' --exclude='.DS_Store' --exclude='.Trashes' --exclude='.Spotlight-V100' -czf "/tmp/attachments.tgz" -C "backup" attachments
357+
if [ -d "/backup/attachments" ]; then
358+
tar --exclude='._*' --exclude='.DS_Store' --exclude='.Trashes' --exclude='.Spotlight-V100' -czf "/tmp/attachments.tgz" -C "/backup" attachments
359359
printf "%s\n" "$KP_PASS" | keepassxc-cli attachment-import "$KDBX_FILE" "$EXPORT_ENTRY" "attachments.tgz" "/tmp/attachments.tgz" >> "$DEBUG_LOG" 2>&1
360360
rm -f /tmp/attachments.tgz
361361
fi

docker-compose.yml

Lines changed: 0 additions & 48 deletions
This file was deleted.

keepass/.gitignore

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
backup/
2+
output/

keepass/README.md

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
# KeePass + LastPass Docker Compose Usage
2+
3+
This directory provides a ready-to-use Docker Compose setup for exporting your LastPass vault and converting it to a KeePass database, with all scripts and binaries included in the official image.
4+
5+
## Quick Start
6+
7+
1. **Enter the directory:**
8+
```sh
9+
cd keepass
10+
```
11+
12+
2. **Export your LastPass vault:**
13+
- With interactive email prompt:
14+
```sh
15+
docker compose run --rm lastpass-export
16+
```
17+
- Or by passing your email as a parameter:
18+
```sh
19+
docker compose run --rm lastpass-export your@email.com
20+
```
21+
This will prompt for your LastPass password and export your vault to the `backup/` folder.
22+
23+
3. **Convert the exported data to a KeePass database:**
24+
```sh
25+
docker compose run --rm lastpass-processor
26+
```
27+
By default, this will:
28+
- Read the JSON export from `backup/lastpass-backup.json`
29+
- Use attachments from `backup/attachments/`
30+
- Write the KeePass database to `output/lastpass-export.kdbx`
31+
- All logs will be saved in `output/logs/`
32+
33+
You can override the output file name by running the provided script `run_me.sh` and entering a custom name when prompted.
34+
35+
4. **Manual/Debug Shell:**
36+
```sh
37+
docker compose run --rm -it --entrypoint /bin/bash lastpass-cli
38+
```
39+
This gives you a shell inside the container with all tools and volumes mounted for advanced/manual operations.
40+
41+
## Options and Defaults
42+
43+
- **lastpass-export**
44+
- Argument: `[email@address.dom]` (optional)
45+
- If not provided, you will be prompted interactively.
46+
- Output: `backup/` directory (created if missing)
47+
48+
- **lastpass-processor**
49+
- No arguments needed by default.
50+
- Reads: `backup/lastpass-backup.json` and `backup/attachments/`
51+
- Writes: `output/lastpass-export.kdbx` (default)
52+
- Logs: `output/logs/`
53+
- To change the output file name, use the `run_me.sh` script and enter a custom name when prompted.
54+
55+
- **lastpass-cli**
56+
- Opens a bash shell for manual use. All volumes are mounted (`backup/`, `output/`).
57+
58+
## Provided Script
59+
60+
- `run_me.sh`: Interactive helper script to guide you through the full export and conversion process, allowing you to set the output KeePass file name (default: `lastpass-export.kdbx`).
61+
62+
## Requirements
63+
- Docker and Docker Compose installed on your system.
64+
65+
---
66+
For advanced usage, you can pass additional arguments to the scripts inside the container using the manual shell.

keepass/docker-compose.yml

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
services:
2+
# Step 1: Export backup da LastPass (solo volume backup)
3+
lastpass-export:
4+
image: ghcr.io/fragolinux/lastpass-cli:latest
5+
container_name: lastpass-export
6+
volumes:
7+
- ./backup:/backup
8+
working_dir: /backup
9+
entrypoint: ["/usr/local/bin/entrypoint.sh"]
10+
stdin_open: true
11+
tty: true
12+
13+
# Step 2: Conversione in KeePass (tutti i volumi)
14+
lastpass-processor:
15+
image: ghcr.io/fragolinux/lastpass-cli:latest
16+
container_name: lastpass-processor
17+
volumes:
18+
- ./backup:/backup:ro
19+
- ./output:/output
20+
working_dir: /output
21+
entrypoint: ["/usr/local/bin/lastpass-json-to-keepass.sh", "/backup/lastpass-backup.json", "/backup/attachments"]
22+
command: ["/output/${KP_DB_NAME:-lastpass-export.kdbx}"]
23+
stdin_open: true
24+
tty: true
25+
26+
# Shell manuale opzionale
27+
lastpass-cli:
28+
image: ghcr.io/fragolinux/lastpass-cli:latest
29+
container_name: lastpass-cli-manual
30+
volumes:
31+
- ./backup:/backup
32+
- ./output:/output
33+
working_dir: /output
34+
entrypoint: ["/bin/bash"]
35+
command: ["-c", "sleep infinity"]
36+
profiles:
37+
- manual
38+
tty: true
39+
stdin_open: true

keepass/entrypoint.sh

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
#!/bin/bash
2+
set -euo pipefail
3+
4+
# Prende il primo parametro come username LastPass, se non presente lo chiede
5+
if [ $# -ge 1 ]; then
6+
LPASS_USERNAME="$1"
7+
shift
8+
else
9+
read -p "Enter your LastPass email: " LPASS_USERNAME
10+
fi
11+
12+
lpass login "$LPASS_USERNAME"
13+
14+
# Se non viene passato un path di destinazione, usa /backup di default
15+
DEST_DIR="${1:-/backup}"
16+
17+
lpass-att-export.sh -l "$LPASS_USERNAME" -o "$DEST_DIR"

keepass/root/etc/ssl/certs/ca-certificates.crt

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIID4DCCAsigAwIBAgIJAK2sPpFJkrXzMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
3+
BAYTAklMMREwDwYDVQQHEwhUZWwgQXZpdjEWMBQGA1UEChMNQ2F0byBOZXR3b3Jr
4+
czEZMBcGA1UEAxMQQ2F0byBOZXR3b3JrcyBDQTAeFw0xNTExMDEwOTMyMTJaFw0y
5+
NTEwMjkwOTMyMTJaMFMxCzAJBgNVBAYTAklMMREwDwYDVQQHEwhUZWwgQXZpdjEW
6+
MBQGA1UEChMNQ2F0byBOZXR3b3JrczEZMBcGA1UEAxMQQ2F0byBOZXR3b3JrcyBD
7+
QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAeOxvEqN50ntoVI+Xq
8+
p4OLL+0faAfpTB3Y/RZFBFfFod/YsbWz9G5uzCHGygLZLqV2wFOtH7ay3avIL5rX
9+
ooyQrNH8e3f0APhmvkrjwkeQ3IQ5HQFCmvVYAMUAK4sINzG5Gn+GUQ8CJjFgpyIz
10+
TjXr3jjk06uCAH7FQx85yU+wAxTjSzD21pinnTVaHEssPJkRm7v/+JTrq+Uyt5yI
11+
JCySDSWgSmxi29Wkrlj4ZJ1P3jFnl2HUTAtCrwU0Oqhwas3nEXcjQai/OLztDiwf
12+
aow+HDxLcBWjjl0GQuiIL7mJ/+WPJ6QaLTWxjVXx9Ka0j26SNGh6Xu81ZonItegU
13+
GfUCAwEAAaOBtjCBszAdBgNVHQ4EFgQUq7DQAQTwudEj1sRi5ikbKBzCUQowgYMG
14+
A1UdIwR8MHqAFKuw0AEE8LnRI9bEYuYpGygcwlEKoVekVTBTMQswCQYDVQQGEwJJ
15+
TDERMA8GA1UEBxMIVGVsIEF2aXYxFjAUBgNVBAoTDUNhdG8gTmV0d29ya3MxGTAX
16+
BgNVBAMTEENhdG8gTmV0d29ya3MgQ0GCCQCtrD6RSZK18zAMBgNVHRMEBTADAQH/
17+
MA0GCSqGSIb3DQEBCwUAA4IBAQAvJolS/JgNtLXVpjetvzDe6tUTfuvgF8DE6inV
18+
0wpUyOVgfDmBCzOj6UZB0cZb6sSIHjiUI70JAeGTkhHiMmBfeF64fUe51JtFxVKP
19+
7l+oAzgHwa69xnn24nsgznsrUqg//mN/PEwPKZYnB4EoRUAYnrDMa1ujr8a8kkMp
20+
3m9Lp4J+L0b+IoQgLz0ImtydfTWD+y1csE1thrOssmRJ5miUnP2TBETJCez+oslc
21+
JrnAleHauy0yrfhC+aCZZK6gi4GYmZHm6Rdz07+M34ldhoynb3cR5xIYX5c5bXn0
22+
YPAoJ6F9uy02ne2dCLmrR2CG5TkeDSDeJvuyWWSLY1P6oEOb
23+
-----END CERTIFICATE-----

keepass/run_me.sh

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
#!/bin/bash
2+
3+
set -euo pipefail
4+
5+
mkdir -p backup output
6+
7+
# Step 1: export backup from LastPass
8+
read -p "Enter your LastPass username: " LPASS_USERNAME
9+
10+
docker compose run --rm -e LPASS_USERNAME="$LPASS_USERNAME" lastpass-export
11+
12+
echo "\nBackup exported to ./backup.\n"
13+
14+
# Step 2: convert to KeePass
15+
read -p "Enter the name of the KeePass db file (without extension, default: lastpass-export): " KP_DB_NAME
16+
if [[ -z "$KP_DB_NAME" ]]; then
17+
KP_DB_NAME="lastpass-export"
18+
fi
19+
KP_DB_NAME="${KP_DB_NAME}.kdbx"
20+
21+
docker compose run --rm -e KP_DB_NAME="$KP_DB_NAME" lastpass-processor
22+
23+
echo "\nConversion completed. KeePass file generated in ./output/$KP_DB_NAME\n"

0 commit comments

Comments
 (0)