Update translations.

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.35.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.35.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

.clang-format

@@ -54,6 +54,7 @@ IncludeCategories:
 IndentCaseLabels: false
 IndentWidth:     4
 IndentWrappedFunctionNames: false
+InsertNewlineAtEOF: true
 KeepEmptyLinesAtTheStartOfBlocks: true
 MacroBlockBegin: ''
 MacroBlockEnd:   ''

.gitattributes

@@ -1,3 +1,14 @@
+# Github-linguist language hints
+*.h linguist-language=C++
+*.cpp linguist-language=C++
+
+# Line endings harmony
+* text=auto eol=lf
+
+# binary files
+*.ai binary
+
+# Export
 src/version.h.cmake export-subst
 .gitattributes export-ignore
 .gitignore export-ignore
@@ -7,13 +18,3 @@ src/version.h.cmake export-subst
 snapcraft.yaml export-ignore
 make_release.sh export-ignore
 AppImage-Recipe.sh export-ignore
-
-# github-linguist language hints
-*.h linguist-language=C++
-*.cpp linguist-language=C++
-
-# binary files
-*.ai binary
-
-# Line endings harmony
-* text=auto

.github/copilot-instructions.md

@@ -0,0 +1,44 @@
+This repository is a C++ (C++20) Qt-based password manager. The important domain concepts are
+Database, Group, and Entry (KDBX format). Key areas to know before making changes are below.
+
+Quick reference (common commands)
+- Configure + build (preferred: CMake presets)
+	- Windows (PowerShell): `cmake --preset x64-debug`
+	- Build: `cmake --build --preset x64-debug` or `cmake --build . -j <n>` from the build dir
+- Formatting (required before commits):
+	- `cmake --build . --target format` (runs clang-format)
+- Tests:
+	- Run all tests: `ctest -j <n>` from build dir
+	- Run single test (verbose): `ctest -R <Test Name> -V`
+- Translations & i18n (release tooling):
+	- Update translation sources: `python ./release-tool.py i18n lupdate`
+
+Big-picture architecture (where to look)
+- src/core: core data model (Database, Groups, Entries). Example: `src/core/Database.h`
+- src/format: KDBX readers/writers and import/export logic.  (sensitive - avoid casual edits)
+- src/crypto: cryptographic primitives and key derivation. (sensitive - avoid casual edits)
+- src/gui: Qt UI layers, widgets, main window and app lifecycle (entry: `src/main.cpp`, `src/gui/MainWindow.cpp`)
+- src/sshagent, src/browser, src/fdosecrets, src/quickunlock: integration adapters for external systems
+- tests/ and tests/gui/: QTest-based unit and GUI tests (follow existing test patterns)
+
+Project-specific conventions & patterns
+- Language/features: C++20, heavy use of Qt signal/slot idioms and QObject-derived classes.
+- Build: use provided CMake commands to configure and build the project successfully.
+- Formatting: a CMake target (`format`) runs clang-format — run it before committing.
+- Translations: translation files are generated/updated via the release tool — run it before committing.
+- UI files: .ui changes are non-trivial; prefer proposing .ui edits rather than committing wholesale .ui changes unless very simple.
+- Sensitive areas: `src/crypto` and `src/format` contain security-sensitive logic — avoid refactors that change algorithms without expert review.
+
+Concrete examples (where to copy patterns)
+- Signal connections: see `src/keeshare/ShareObserver.cpp` (connect to Database signals like `groupAdded` / `modified`).
+- Opening/locking DBs: `src/gui/DatabaseTabWidget.*` and `src/gui/DatabaseWidget.*` show typical lifecycle and `emitActiveDatabaseChanged()`.
+- Format/validation: use `src/format/KdbxReader.cpp` and `Kdbx4Reader.cpp` for error handling patterns when reading DBs.
+
+Rules for automated agents
+- Do not change cryptographic or serialization logic unless the change is narrowly scoped and you run tests.
+- When adding features, create relevant unit tests within existing files in `tests/`.
+- Always run code formatting, translation update, and tests before submitting commits.
+- All tests related to your change must pass before committing.
+- Reference real files in PR descriptions (e.g., "changed src/core/Database.h and tests/TestDatabase.cpp").
+
+If anything above is unclear or you want more detail about a specific area (build matrix, CI, or release-tool commands), tell me which part and I will expand.

.github/workflows/codeql.yml

@@ -0,0 +1,70 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+    - 'develop'
+    - 'release/**'
+  pull_request:
+  schedule:
+    - cron: '5 16 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - if: matrix.language == 'cpp'
+      name: Install dependencies
+      run: |
+        sudo apt update
+        sudo apt install build-essential cmake g++
+        sudo apt install qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev  libqt5x11extras5-dev
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        queries: security-and-quality
+
+    - if: matrix.language == 'cpp'
+      name: Build C++
+      run: |
+        mkdir build && cd build
+        cmake -DWITH_XC_ALL=ON -DWITH_TESTS=OFF ..
+        make -j $(nproc)
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - if: matrix.language != 'cpp'
+      name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.gitignore

@@ -25,4 +25,9 @@ desktop.ini
 CMakeSettings.json
 CMakePresets.json
 .vs/
-out/
+out/
+\.clangd
+
+# vcpkg
+vcpkg_installed*/
+

.tx/config

@@ -2,16 +2,20 @@
 host = https://app.transifex.com
 
 [o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--develop]
-file_filter   = share/translations/keepassxc_<lang>.ts
-source_file   = share/translations/keepassxc_en.ts
-type          = QT
-minimum_perc  = 0
-resource_name = keepassxc_en.ts (develop)
+file_filter            = share/translations/keepassxc_<lang>.ts
+source_file            = share/translations/keepassxc_en.ts
+type                   = QT
+minimum_perc           = 60
+resource_name          = keepassxc_en.ts (develop)
+replace_edited_strings = false
+keep_translations      = false
 
 [o:keepassxc:p:keepassxc:r:share-translations-keepassxc-en-ts--master]
-file_filter   = share/translations/keepassxc_<lang>.ts
-source_file   = share/translations/keepassxc_en.ts
-type          = QT
-minimum_perc  = 0
-resource_name = keepassxc_en.ts (2.7.x stable)
+file_filter            = share/translations/keepassxc_<lang>.ts
+source_file            = share/translations/keepassxc_en.ts
+type                   = QT
+minimum_perc           = 60
+resource_name          = keepassxc_en.ts (2.7.x stable)
+replace_edited_strings = false
+keep_translations      = false
 

CHANGELOG.md

@@ -1,5 +1,233 @@
 # Changelog
 
+## 2.7.11 (2025-11-23)
+
+### Changes
+- Add image, HTML, Markdown preview, and text editing support to inline attachment viewer [#12085, #12244, #12654]
+- Add database merge confirmation dialog [#10173]
+- Add option to auto-generate a password for new entries [#12593]
+- Add support for group sync in KeeShare [#11593]
+- Add {UUID} placeholder for use in references [#12511]
+- Add “Wait for Enter” search option [#12263]
+- Add keyboard shortcut to “Jump to Group” from search results [#12225]
+- Add predefined search for TOTP entries [#12199]
+- Add confirmation when closing database via ESC key [#11963]
+- Add support for escaping placeholder expressions [#11904]
+- Reduce tab indentation width in notes fields [#11919]
+- Cap default Argon2 parallelism when creating a new database [#11853]
+- Database lock after inactivity now enabled by default and set to 900 seconds [#12689, #12609]
+- Copying TOTP now opens setup dialog if none is configured for entry [#12584]
+- Make double click action configurable [#12322]
+- Remove unused “Last Accessed” from GUI [#12602]
+- Auto-Type: Add more granular confirmation settings [#12370]
+- Auto-Type: Add URL typing preset and add copy options to menu [#12341]
+- Browser: Do not allow sites automatically if entry added from browser extension [#12413]
+- Browser: Add options to restrict exposed groups [#9852, #12119]
+- Bitwarden Import: Add support for timestamps and password history [#12588]
+- macOS: Add Liquid Glass icon [#12642]
+- macOS: Remove theme-based menubar icon toggle [#12685]
+- macOS: Add Window and Help menus [#12357]
+- Windows: Add option to add KeePassXC to PATH during installation [#12171]
+
+### Fixes
+- Fix window geometry not being restored properly when KeePassXC starts in tray [#12683]
+- Fix potential database truncation when using direct write save method with YubiKeys [#11841]
+- Fix issue with database backup saving [#11874]
+- Fix UI lockups during startup with multiple tabs [#12053]
+- Fix keyboard shortcuts when menubar is hidden [#12431]
+- Fix clipboard being cleared on exit even if no password was copied [#12603]
+- Fix single-instance detection when username contains invalid filename characters [#12559]
+- Fix “Search Wait for Enter” setting not being save [#12614]
+- Fix hotkey accelerators not being escaped properly on database tabs [#12630]
+- Fix confusing error if user cancels out of key file edit dialog [#12639]
+- Fix issues with saved searches and “Press Enter to Search” option [#12314]
+- Fix URL wildcard matching [#12257]
+- Fix TOTP visibility on unlock and settings change [#12220]
+- Fix KeeShare entries with reference attributes not updating [#11809]
+- Fix sort order not being maintained when toggling filters in database reports [#11849]
+- Fix several UI font and layout issues [#11967,  #12102]
+- Prevent mouse wheel scroll on edit username field [#12398]
+- Improve base translation consistency [#12432]
+- Improve inactivity timer [#12246]
+- Documentation improvements [#12373, #12506]
+- Browser: Fix ordering of clientDataJSON in Passkey response object [#12120]
+- Browser: Fix URL matching for additional URLs [#12196]
+- Browser: Fix group settings inheritance [#12368]
+- Browser: Allow read-only native messaging config files [#12236]
+- Browser: Optimise entry iteration in browser access control dialog [#11817]
+- Browser: Fix “Do not ask permission for HTTP Basic Auth” option [#11871]
+- Browser: Fix native messaging path for Tor Browser launcher on Linux [#12005]
+- Auto-Type: Fix empty window behaviour [#12622]
+- Auto-Type: Take delays into account when typing TOTP [#12691]
+- SSH Agent: Fix out-of-memory crash with malformed SSH keys [#12606]
+- CSV Import: Fix modified and creation time import [#12379]
+- CSV Import: Fix duplication of root groups on import [#12240]
+- Proton Pass Import: Fix email addresses not being imported when no username set [#11888]
+- macOS: Fix secure input getting stuck [#11928]
+- Windows: Prevent launch as SYSTEM user from MSI installer [#12705]
+- Windows: Remove broken check for MSVC Redistributable from MSI installer [#11950]
+- Linux: Fix startup delay due to StartupNotify setting in desktop file [#12306]
+- Linux: Fix memory initialisation when --pw-stdin is used with a pipe [#12050]
+
+## 2.7.10 (2025-03-02)
+
+### Changes
+* Allow adjusting application font size [#11567]
+* Add Proton Pass importer [#11197]
+* Support KeePass2 TOTP settings [#11229]
+* Add New/Preview Entry Attachments dialog and functionality [#11637, #11699, #11650]
+* Add database name, color, and icon options for unlock view [#10819, #11725]
+* Show entry background color as column [#6798]
+* Use icons for password strength [#9844]
+* Add "Group Full Path" column in entry view [#10278]
+* Passphrase "MIXED case" Type [#11255]
+* Allow deleting extension plugin data from Browser Statistics [#11218]
+* Add --minimized option to keepassxc [#11693]
+* Implement T-CONV and T-REPLACE-RX entry placeholders [#11453]
+* Option to disable opening browser when URL field double-clicked [#11332]
+* Overhaul action states and add icons to toolbar [#11047]
+* Show character count in password generator dialog [#10940]
+* Add ability to expire entries from context menu [#8731]
+* Add copy field shortcuts to Auto-Type select dialog [#11518]
+* Passkeys: Add support for selecting group on creation [#11260]
+* Browser: Refactor Access Control Dialog [#9607]
+* Browser: Add support for URL wildcards and exact URL [#9835, #11752]
+* Browser: Allow groups to restrict by browser integration key [#9852]
+* CLI: Add `-d` dry-run shortcut to merge command [#11192]
+* CLI: HTML export [#11590]
+* macOS: Add option to disable database lock when switching user [#9707]
+* SSH Agent: Implement feature to clear all identities [#10649]
+
+### Fixes
+* Major enhancements to documentation [#11745, #10875]
+* Various UI and style fixes [#11535, #11672, #11511, #11445, #11426, #11273, #11455, #11321, #11594, #11539, #11351, #11354, #10748, #11602, #11303, #11291, #10091, #9417]
+* Various improvements to tags [#11676, #11652, #11625]
+* Reset splitter sizes on database unlock [#11014]
+* Remember sort order in Auto-type popup dialog [#9508]
+* Fix database password clearing when modifying key file / hardware key [#11001]
+* Fix issues with reloading and handling of externally modified db file [#10612]
+* Support passkeys with Bitwarden import [#11401]
+* Fix various quirks with CSV import [#11787]
+* Show Auto-Type select dialog even if window title is empty [#11603]
+* Refactor hardware key code to avoid deadlock [#11703, #10872]
+* Show a clear error if hardware key is found slots are not configured [#11609]
+* Fix signal/slot disconnect when opening import wizard [#11039]
+* Fix setting window title as modified [#11542]
+* Fix assert hit when viewing entry history [#11413]
+* Fix multiple crashes on Linux [#11513]
+* Fix backup file path time substitution [#10834]
+* Prevent long-running threads from deadlocking the program with only 1 CPU [#11155]
+* Hide the menubar when menus lose focus (if toggled off) [#11355, #11605]
+* CLI: Restore the original codepage on windows [#11470]
+* Passkeys: Various fixes [#10934, #10951]
+* Browser: Fix cancel with database unlock dialog [#11435]
+* Browser: Resolve references in Access Confirm dialog [#11055]
+* SSH Agent: Add timeout to streams to prevent deadlock [#11290]
+* macOS: Replace legacy code for screen recording permissions [#11428]
+* macOS: Implement Secure Input Mode [#11623]
+* macOS: Fix showing ambigious name in settings [#11373]
+* macOS: Fix copy-to-clipboard shortcut in entry preview widget [#10966]
+* Linux: Prevent multiple lock requests [#11306]
+* Snap: Prevent need for snap helper script to configure browser extension [#10924]
+* Windows: Detect outdated VC Redist with MSI installer [#11469]
+* Windows: Additional exclusion fields for clipboard [#11521]
+
+## 2.7.9 (2024-06-19)
+
+### Changes
+* Passkeys: Ability to easily remove a passkey from an entry [#10777]
+* Snap: Use new desktop portal for native messaging integration [#10906]
+
+### Fixes
+* Improve entry placeholder/reference feature [#10846]
+* Improve CSV importing when title field isn't specified [#10843]
+* Improve encrypted Bitwarden importing [#10800]
+* Improve database settings UX [#10821]
+* Improve handling of clipboard actions from entry preview [#10810]
+* Improve group/entry view resize behavior and set sensible defaults [#10641]
+* Passkeys: Fix incorrect username fill [#10874]
+* Passkeys: Return additional data to the extension [#10857]
+* Fix password clear timer inconsistency on unlock view [#10708]
+* Fix portability check [#10760]
+* Fix page overflow on HTML exports [#10735]
+* Fix broken builds when using system provided zxcvbn [#10717]
+* Fix copy password button when text is selected [#10853]
+* Fix tab ordering on application settings pages [#10907]
+* SSH Agent: Fix broken decrypt button [#10638]
+* Windows: Fix ALT Auto-Type modifier [#10795]
+* Windows: Fix wrong DACL memory size allocation [#10712]
+* macOS: Fix monospace font sizing [#10739]
+* Flatpak: Fix configuration settings off-by-one error [#10688]
+* BSD: Fix compiling with libusb implementation [#10736]
+
+## 2.7.8 (2024-05-05)
+
+### Changes
+- Add hotkey for showing search help [#10591]
+- Add hotkey for group switching (Ctrl+Shift+PgUp/PgDown) [#10625]
+- Add per-database auto-save delay setting [#9100]
+- Add setting to hide menubar [#10341]
+- Improve Bitwarden 1PUX import and support organization collections [#10499]
+- Show advanced settings checkbox only for settings that have them [#6513]
+- Remove obsolete setting for requiring repeated password entry [#9722]
+- Passkeys: Allow registering Passkeys to existing entries [#10408]
+- Passkeys: Show warning about data being unencrypted before Passkey export [#10411]
+- Passkeys: Support NFC and USB transports [#10402]
+- Passkeys: Pass extension JSON data to browser [#10615]
+- SSH Agent: Do not use entries from recycle bin [#10518]
+- Linux: Change hotkey sequence used for {CLEARFIELD} Auto-Type [#10008]
+- Windows: Improve DACL memory access protection [#10618]
+
+### Fixes
+- Fix crash when deleting history items [#10451]
+- Fix crash on screen lock or computer sleep [#10458]
+- Fix search field not being focused after unlock [#10459]
+- Fix loss of window focus when Auto-Type needs to unlock a database [#10555]
+- Fix inconsistent TOTP visibility on unlock [#10009]
+- Fix CSV import skipping over single-name groups [#10575]
+- Fix key file folder being remembered even if disabled in settings [#10636]
+- Fix issues with entry editing and database locking [#10667]
+- Fix key file text when provided on command line [#10642]
+- Fix issues with hardware key auto detection [#10663]
+- Do not override monospace font size [#10282]
+- Perform group sort only when group view is in focus [#10202]
+- Do not show decimals for attachment sizes in Bytes [#10595]
+- Prevent merging of global custom data when merging databases [#10452]
+- Fix minor translation issues [#10635]
+- Passkeys: Fix StrongBox incompatibility [#10420]
+- Passkeys: Set RP ID to effective domain if unset instead of returning an error [#10384]
+- Passkeys: Various UI fixes and improvements [#10427, #10608, #10609]
+- AppImage: Fix URL opening [#10624]
+- Flatpak: Fix application autostart [#10563]
+- Linux/macOS: Fix button sizes on modal alert popups [#10500]
+- Linux: Fix clipboard clear on Wayland [#10500]
+- Windows: Preserve file-hidden attribute [#10343]
+
+## 2.7.7 (2024-03-09)
+
+### Changes
+- Support USB Hotplug for Hardware Key interface [#10092]
+- Support 1PUX and Bitwarden import [#9815]
+- Browser: Add support for PassKeys [#8825, #9987, #10318]
+- Build System: Move to vcpkg manifest mode [#10088]
+
+### Fixes
+- Fix multiple TOTP issues [#9874]
+- Fix focus loss on save when the editor is not visible anymore [#10075]
+- Fix visual when removing entry from history [#9947]
+- Fix first entry is not selected when a search is performed [#9868]
+- Prevent scrollbars on entry drag/drop [#9747]
+- Prevent duplicate characters in "Also choose from" field of password generator  [#9803]
+- Security: Prevent byte-by-byte and attachment inference side channel attacks [#10266]
+- Browser: Fix raising Update Entry messagebox [#9853]
+- Browser: Fix bugs when returning credentials [#9136]
+- Browser: Fix crash on database open from browser [#9939]
+- Browser: Fix support for referenced URL fields [#8788]
+- MacOS: Fix crash when changing highlight/accent color [#10348]
+- MacOS: Fix TouchID appearing even though lid is closed [#10092]
+- Windows: Fix terminating KeePassXC processes with MSI installer [#9822]
+- FdoSecrets: Fix database merge crash when enabled [#10136]
+
 ## 2.7.6 (2023-08-15)
 
 ### Changes
@@ -79,7 +307,7 @@
 - Browser: Revert code causing connection problems [#8665]
 - Browser: Fix socket file symbolic link on Linux [#8656]
 - Flatpak: Fix launching browser proxy service [#8680]
-- SSH Agent: Fix paegent support on Windows [#8619]
+- SSH Agent: Fix pageant support on Windows [#8619]
 
 ## 2.7.3 (2022-10-23)
 
@@ -962,7 +1190,7 @@
 - Compare window title to entry URLs #556
 - Implemented inline error messages #162
 - Ignore group expansion and other minor changes when making database "dirty" #464
-- Updated license and copyright information on souce files #632
+- Updated license and copyright information on source files #632
 - Added contributors list to about dialog #629
 
 ## 2.1.4 (2017-04-09)

CMakeLists.txt

@@ -14,7 +14,7 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-cmake_minimum_required(VERSION 3.3.0)
+cmake_minimum_required(VERSION 3.10.0)
 
 project(KeePassXC)
 set(APP_ID "org.keepassxc.${PROJECT_NAME}")
@@ -53,16 +53,24 @@ set(WITH_XC_ALL OFF CACHE BOOL "Build in all available plugins")
 option(WITH_XC_AUTOTYPE "Include Auto-Type." ON)
 option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website icons)." OFF)
 option(WITH_XC_BROWSER "Include browser integration with keepassxc-browser." OFF)
+option(WITH_XC_BROWSER_PASSKEYS "Passkeys support for browser integration." OFF)
 option(WITH_XC_YUBIKEY "Include YubiKey support." OFF)
 option(WITH_XC_SSHAGENT "Include SSH agent support." OFF)
 option(WITH_XC_KEESHARE "Sharing integration with KeeShare" OFF)
 option(WITH_XC_UPDATECHECK "Include automatic update checks; disable for controlled distributions" ON)
 if(UNIX AND NOT APPLE)
     option(WITH_XC_FDOSECRETS "Implement freedesktop.org Secret Storage Spec server side API." OFF)
+    set(WITH_XC_X11 ON CACHE BOOL "Enable building with X11 deps")
 endif()
 option(WITH_XC_DOCS "Enable building of documentation" ON)
-
-set(WITH_XC_X11 ON CACHE BOOL "Enable building with X11 deps")
+if(WIN32 OR APPLE)
+    set(WITH_XC_CODESIGN_IDENTITY "" CACHE STRING "Certificate to be used for signing binaries before packaging.")
+    if(WIN32)
+        set(WITH_XC_CODESIGN_TIMESTAMP_URL "http://timestamp.sectigo.com" CACHE STRING "Timestamp URL for Windows code signing.")
+    elseif(APPLE)
+        set(WITH_XC_NOTARY_KEYCHAIN_PROFILE "" CACHE STRING "Keychain profile name for stored Apple notarization credentials.")
+    endif()
+endif()
 
 if(APPLE)
     # Perform the platform checks before applying the stricter compiler flags.
@@ -98,6 +106,7 @@ if(WITH_XC_ALL)
     set(WITH_XC_AUTOTYPE ON)
     set(WITH_XC_NETWORKING ON)
     set(WITH_XC_BROWSER ON)
+    set(WITH_XC_BROWSER_PASSKEYS ON)
     set(WITH_XC_YUBIKEY ON)
     set(WITH_XC_SSHAGENT ON)
     set(WITH_XC_KEESHARE ON)
@@ -119,7 +128,7 @@ endif()
 
 set(KEEPASSXC_VERSION_MAJOR "2")
 set(KEEPASSXC_VERSION_MINOR "7")
-set(KEEPASSXC_VERSION_PATCH "6")
+set(KEEPASSXC_VERSION_PATCH "11")
 set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION_MAJOR}.${KEEPASSXC_VERSION_MINOR}.${KEEPASSXC_VERSION_PATCH}")
 set(OVERRIDE_VERSION "" CACHE STRING "Override the KeePassXC Version for Snapshot builds")
 
@@ -220,17 +229,23 @@ if("${CMAKE_SIZEOF_VOID_P}" EQUAL "4")
     set(IS_32BIT TRUE)
 endif()
 
-set(CLANG_COMPILER_ID_REGEX "^(Apple)?[Cc]lang$")
-if("${CMAKE_C_COMPILER}" MATCHES "clang$"
-        OR "${CMAKE_EXTRA_GENERATOR_C_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
-        OR "${CMAKE_C_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
-    set(CMAKE_COMPILER_IS_CLANG 1)
-endif()
+if("${CMAKE_CXX_COMPILER}" MATCHES "clang-cl(.exe)?$")
+    # clang-cl uses MSVC compiler flags
+    set(MSVC 1)
+    set(CMAKE_COMPILER_IS_CLANG_MSVC 1)
+else()
+    set(CLANG_COMPILER_ID_REGEX "^(Apple)?[Cc]lang$")
+    if("${CMAKE_C_COMPILER}" MATCHES "clang$"
+            OR "${CMAKE_EXTRA_GENERATOR_C_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
+            OR "${CMAKE_C_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
+        set(CMAKE_COMPILER_IS_CLANG 1)
+    endif()
 
-if("${CMAKE_CXX_COMPILER}" MATCHES "clang(\\+\\+)?$"
-        OR "${CMAKE_EXTRA_GENERATOR_CXX_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
-        OR "${CMAKE_CXX_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
-    set(CMAKE_COMPILER_IS_CLANGXX 1)
+    if("${CMAKE_CXX_COMPILER}" MATCHES "clang(\\+\\+)?$"
+            OR "${CMAKE_EXTRA_GENERATOR_CXX_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
+            OR "${CMAKE_CXX_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
+        set(CMAKE_COMPILER_IS_CLANGXX 1)
+    endif()
 endif()
 
 macro(add_gcc_compiler_cxxflags FLAGS)
@@ -394,10 +409,14 @@ if (MSVC)
         message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!")
     endif()
     add_compile_options(/permissive- /utf-8)
-    if(IS_DEBUG_BUILD)
-        add_compile_options(/Zf)
-        if(MSVC_TOOLSET_VERSION GREATER 141)
-            add_compile_definitions(/fsanitize=address)
+    # Clang-cl does not support /MP, /Zf, or /fsanitize=address
+    if (NOT CMAKE_COMPILER_IS_CLANG_MSVC)
+        add_compile_options(/MP)
+        if(IS_DEBUG_BUILD)
+            add_compile_options(/Zf)
+            if(MSVC_TOOLSET_VERSION GREATER 141)
+                add_compile_definitions(/fsanitize=address)
+            endif()
         endif()
     endif()
 endif()
@@ -413,7 +432,7 @@ if(WIN32)
             # By default MSVC enables NXCOMPAT
             add_compile_options(/guard:cf)
             add_link_options(/DYNAMICBASE /HIGHENTROPYVA /GUARD:CF)
-        else(MINGW)
+        else()
             set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
             set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
             # Enable high entropy ASLR for 64-bit builds
@@ -423,6 +442,8 @@ if(WIN32)
             endif()
         endif()
     endif()
+    # Determine if we can link against the Windows SDK, used for Windows Hello support
+    find_library(WINSDK WindowsApp.lib)
 endif()
 
 if(APPLE AND WITH_APP_BUNDLE OR WIN32)
@@ -465,7 +486,7 @@ if(WITH_COVERAGE)
     append_coverage_compiler_flags()
 
     set(COVERAGE_EXCLUDES
-            "'^(.+/)?(thirdparty|zxcvbn)/.*'"
+            "'^(.+/)?thirdparty/.*'"
             "'^(.+/)?main\\.cpp$$'"
             "'^(.+/)?cli/keepassxc-cli\\.cpp$$'"
             "'^(.+/)?proxy/keepassxc-proxy\\.cpp$$'")
@@ -510,8 +531,8 @@ else()
     find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED)
 endif()
 
-if(Qt5Core_VERSION VERSION_LESS "5.2.0")
-    message(FATAL_ERROR "Qt version 5.2.0 or higher is required")
+if(Qt5Core_VERSION VERSION_LESS "5.12.0")
+    message(FATAL_ERROR "Qt version 5.12.0 or higher is required")
 endif()
 
 get_filename_component(Qt5_PREFIX ${Qt5_DIR}/../../.. REALPATH)
@@ -559,9 +580,18 @@ if(ZLIB_VERSION_STRING VERSION_LESS "1.2.0")
 endif()
 include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
 
+# Find Minizip
+find_package(Minizip REQUIRED)
+
 if(WITH_XC_YUBIKEY)
     find_package(PCSC REQUIRED)
     include_directories(SYSTEM ${PCSC_INCLUDE_DIRS})
+
+    if(UNIX AND NOT APPLE)
+        find_library(LIBUSB_LIBRARIES NAMES usb-1.0 REQUIRED)
+        find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb" REQUIRED)
+        include_directories(SYSTEM ${LIBUSB_INCLUDE_DIR})
+    endif()
 endif()
 
 if(UNIX)
@@ -596,6 +626,12 @@ endif()
 
 include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
 
+find_library(ZXCVBN_LIBRARIES zxcvbn)
+if(NOT ZXCVBN_LIBRARIES)
+    add_subdirectory(src/thirdparty/zxcvbn)
+    set(ZXCVBN_LIBRARIES zxcvbn)
+endif(NOT ZXCVBN_LIBRARIES)
+
 add_subdirectory(src)
 add_subdirectory(share)
 if(WITH_TESTS)

COPYING

@@ -1,5 +1,5 @@
 KeePassXC - http://www.keepassxc.org/
-Copyright (C) 2016-2020 KeePassXC Team <team@keepassxc.org>
+Copyright (C) 2016-2023 KeePassXC Team <team@keepassxc.org>
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -137,22 +137,27 @@ Files: share/icons/badges/2_Expired.svg
        share/icons/database/C46_Help.svg
        share/icons/database/C53_Apply.svg
        share/icons/database/C61_Services.svg
+       share/icons/application/scalable/actions/proton.svg
 Copyright: 2022 KeePassXC Team <team@keepassxc.org>
 License: MIT
 
 Files: share/icons/application/scalable/actions/application-exit.svg
+       share/icons/application/scalable/actions/arrow-collapse-down.svg
        share/icons/application/scalable/actions/attributes-copy.svg
        share/icons/application/scalable/actions/auto-type.svg
+       share/icons/application/scalable/actions/bitwarden.svg
        share/icons/application/scalable/actions/bugreport.svg
        share/icons/application/scalable/actions/chevron-double-down.svg
        share/icons/application/scalable/actions/chevron-double-right.svg
        share/icons/application/scalable/actions/clipboard-text.svg
        share/icons/application/scalable/actions/configure.svg
+       share/icons/application/scalable/actions/csv.svg
        share/icons/application/scalable/actions/database-change-key.svg
        share/icons/application/scalable/actions/database-lock.svg
        share/icons/application/scalable/actions/database-lock-all.svg
        share/icons/application/scalable/actions/database-merge.svg
        share/icons/application/scalable/actions/database-search.svg
+       share/icons/application/scalable/actions/database-settings.svg
        share/icons/application/scalable/actions/dialog-close.svg
        share/icons/application/scalable/actions/dialog-ok.svg
        share/icons/application/scalable/actions/document-close.svg
@@ -173,6 +178,7 @@ Files: share/icons/application/scalable/actions/application-exit.svg
        share/icons/application/scalable/actions/entry-delete.svg
        share/icons/application/scalable/actions/entry-restore.svg
        share/icons/application/scalable/actions/entry-edit.svg
+       share/icons/application/scalable/actions/entry-expire.svg
        share/icons/application/scalable/actions/entry-new.svg
        share/icons/application/scalable/actions/favicon-download.svg
        share/icons/application/scalable/actions/fingerprint.svg
@@ -192,8 +198,10 @@ Files: share/icons/application/scalable/actions/application-exit.svg
        share/icons/application/scalable/actions/move-up.svg
        share/icons/application/scalable/actions/object-locked.svg
        share/icons/application/scalable/actions/object-unlocked.svg
+       share/icons/application/scalable/actions/onepassword.svg
        share/icons/application/scalable/actions/paperclip.svg
        share/icons/application/scalable/actions/password-copy.svg
+       share/icons/application/scalable/actions/passkey.svg
        share/icons/application/scalable/actions/password-generator.svg
        share/icons/application/scalable/actions/password-show-off.svg
        share/icons/application/scalable/actions/password-show-on.svg
@@ -214,12 +222,14 @@ Files: share/icons/application/scalable/actions/application-exit.svg
        share/icons/application/scalable/actions/totp-copy.svg
        share/icons/application/scalable/actions/totp-copy-password.svg
        share/icons/application/scalable/actions/totp-edit.svg
+       share/icons/application/scalable/actions/totp-invalid.svg
        share/icons/application/scalable/actions/trash.svg
        share/icons/application/scalable/actions/url-copy.svg
        share/icons/application/scalable/actions/user-guide.svg
        share/icons/application/scalable/actions/username-copy.svg
        share/icons/application/scalable/actions/view-history.svg
        share/icons/application/scalable/actions/web.svg
+       share/icons/application/scalable/actions/yubikey-refresh.svg
        share/icons/application/scalable/apps/internet-web-browser.svg
        share/icons/application/scalable/apps/keepassxc.svg
        share/icons/application/scalable/apps/keepassxc-dark.svg
@@ -234,9 +244,12 @@ Files: share/icons/application/scalable/actions/application-exit.svg
        share/icons/application/scalable/status/dialog-information.svg
        share/icons/application/scalable/status/dialog-warning.svg
        share/icons/application/scalable/status/security-high.svg
-Copyright: 2019 Austin Andrews <http://templarian.com/>
-License: SIL OPEN FONT LICENSE Version 1.1
-Comment: Taken from Material Design icon set (https://github.com/templarian/MaterialDesign/)
+       share/icons/application/scalable/actions/lock-open-alert.svg
+       share/icons/application/scalable/actions/lock-open.svg
+       share/icons/application/scalable/actions/lock.svg
+Copyright: 2023 Pictogrammers <https://pictogrammers.com/docs/general/about/>
+License: Apache-2.0
+Comment: Some icons are modified to fit KeePassXC design (https://pictogrammers.com/library/mdi/)
 
 Files: src/streams/qtiocompressor.*
        src/streams/QtIOCompressor
@@ -244,7 +257,7 @@ Files: src/streams/qtiocompressor.*
 Copyright: 2009-2012, Nokia Corporation and/or its subsidiary(-ies)
 License: LGPL-2.1 or GPL-3
 
-Files: src/zxcvbn/zxcvbn.*
+Files: src/thirdparty/zxcvbn/zxcvbn.*
 Copyright: 2015-2017, Tony Evans
 License: MIT
 

INSTALL.md

@@ -6,34 +6,21 @@ For more information, see also the [_Building KeePassXC_](https://github.com/kee
 
 The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download).
 
-Build Dependencies
-==================
-
-The following tools must exist within your PATH:
-
-* make
-* cmake (>= 3.3.0)
-* g++ (>= 4.7) or clang++ (>= 6.0)
-* asciidoctor (>= 2.0)
-
-The following libraries are required:
-
-* Qt 5 (>= 5.9.5): qtbase5, qtbase5-private, libqt5svg5, qttools5, qt5-image-formats-plugins
-* botan (>= 2.12)
-* libargon2
-* zlib
-* minizip
-* readline (for completion in cli)
-* qtx11extras, libxi, and libxtst (for auto-type on X11)
-* qrencode
-* libusb-1.0, pcsc-lite (for Yubikey support on Linux)
-
-Prepare the Building Environment
+Toolchain and Build Dependencies
 ================================
 
-* [Building Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux)
-* [Building Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
-* [Building Environment on MacOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS)
+The following build tools must exist within your PATH:
+
+* cmake (>= 3.10.0)
+* make (>= 4.2) or ninja (>= 1.10)
+* g++ (>= 4.9) or clang++ (>= 6.0)
+* asciidoctor (>= 2.0)
+
+* Besides a working C++ toolchain, KeePassXC also has a number of direct build and runtime dependencies. For detailed information about how to install them, please refer to the GitHub wiki:
+
+* [Set up Build Environment on Linux](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Linux)
+* [Set up Build Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
+* [Set up Build Environment on macOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS)
 
 Build Steps
 ===========
@@ -63,7 +50,7 @@ To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Comm
    git checkout latest
    ```
 
-2. Navigate to the directory where you have downloaded KeePassXC and type these commands:
+2. Navigate to the directory where you have downloaded KeePassXC and run:
 
    ```
    mkdir build
@@ -71,40 +58,37 @@ To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Comm
    cmake -DWITH_XC_ALL=ON ..
    make
    ```
+      
+If you have `vcpkg` installed, add `-DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake` to the `cmake` command to automatically download and install all required build and runtime dependencies locally to your build directory before compiling KeePassXC. Using `vcpkg` is the preferred way to install dependencies on macOS and required on Windows if using the MSVC toolchain.
 
-Note: These steps place the compiled KeePassXC binary inside the `./build/src/` directory.
+For more detailed build instructions for each platform, please refer to the [GitHub wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
+
+Note: These steps place the compiled KeePassXC binary inside the `./build/src/` directory (`src/KeePassXC.app/Contents/MacOS` on macOS).
 
 ## MacOS Build Notes
 
-If you installed Qt5 via Homebrew, you should be able to compile KeePassXC without any changes. If CMake fails to find your Qt installation, you can specify it manually by adding the following parameter:
+If you installed Qt5 via Homebrew and CMake fails to find your Qt installation, you can specify it manually by adding the following parameter:
 
 `-DCMAKE_PREFIX_PATH=$(brew --prefix qt5)/lib/cmake`
 
-(or whatever your Qt installation path is)
-
 When building with ASAN support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (LSAN is no supported on macOS).
 
 ## Windows Build Notes
 
-For detailed build steps see the [Windows Build Instructions](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#windows).
-
-If you are using MSVC, you may have to specify your Vcpkg toolchain by adding the following CMake parameter: `-DCMAKE_TOOLCHAIN_FILE=C:\vcpkg\scripts\buildsystems\vcpkg.cmake`
-
 If you are using MSYS2, you have to add ```-G "MSYS Makefiles"``` at the beginning of the cmake command.
 
 CMake Configuration Options
 ==========================
 
-## Common Parameters
+## Recommended CMake Build Parameters
 
 ```
--DCMAKE_INSTALL_PREFIX=$(brew --prefix)
 -DCMAKE_VERBOSE_MAKEFILE=ON
 -DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
 -DWITH_GUI_TESTS=ON
 ```
 
-## KeePassXC Parameters
+## Additional CMake Parameters
 
 KeePassXC comes with a variety of build options that can turn on/off features. Most notably, we allow you to build the application with all TCP/IP networking code disabled. Please note that we still require and link against Qt5's network library in order to use local named pipes on all operating systems. Each of these build options are supplied at the time of calling cmake:
 
@@ -112,6 +96,7 @@ KeePassXC comes with a variety of build options that can turn on/off features. M
 -DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
 -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
 -DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
+-DWITH_XC_BROWSER_PASSKEYS=[ON|OFF] Enable/Disable Passkeys support for browser integration (default: OFF)
 -DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
 -DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
 -DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)

README.md

@@ -1,4 +1,5 @@
-# <img src="https://keepassxc.org/images/keepassxc-logo.svg" width="40" height="40"/> KeePassXC
+# <img src="https://keepassxc.org/assets/img/keepassxc.svg" width="40" height="40"/> KeePassXC
+[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6326/badge)](https://bestpractices.coreinfrastructure.org/projects/6326)
 [![TeamCity Build Status](https://ci.keepassxc.org/app/rest/builds/buildType:\(project:KeepassXC\)/statusIcon)](https://ci.keepassxc.org/?guest=1)
 [![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc)
 [![GitHub release](https://img.shields.io/github/release/keepassxreboot/keepassxc)](https://github.com/keepassxreboot/keepassxc/releases/)
@@ -21,12 +22,13 @@ KeePassXC has numerous features for novice and power users alike. Our goal is to
 * Password generator
 * Auto-Type passwords into applications
 * Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
+* Support for passkeys using the browser integration
 * Entry icon download
-* Import databases from CSV, 1Password, and KeePass1 formats
+* Import databases from CSV, 1Password, Bitwarden, Proton Pass, and KeePass1 formats
 
 ### Advanced
 * Database reports (password health, HIBP, and statistics)
-* Database export to CSV and HTML formats
+* Database export to CSV, XML, and HTML formats
 * TOTP storage and generation
 * Field references between entries
 * File attachments and custom attributes

cmake/CLangFormat.cmake

@@ -16,7 +16,6 @@
 set(EXCLUDED_DIRS
         # third-party directories
         src/thirdparty
-        src/zxcvbn
         # objective-c directories
         src/touchid
         src/autotype/mac

cmake/FindBotan.cmake

@@ -13,7 +13,7 @@ include(FindPackageHandleStandardArgs)
 
 set(BOTAN_VERSIONS botan-3 botan-2)
 set(BOTAN_NAMES botan-3 botan-2 botan)
-set(BOTAN_NAMES_DEBUG botand-3 botand-2 botand botan)
+set(BOTAN_NAMES_DEBUG botand-3 botand-2 botand botan botan-3)
 
 find_path(
     BOTAN_INCLUDE_DIR
@@ -36,7 +36,7 @@ find_library(
     NAMES ${BOTAN_NAMES}
     PATH_SUFFIXES release/lib lib
     DOC "The Botan (release) library")
-if(MSVC)
+if(WIN32 AND NOT MINGW)
     find_library(
         BOTAN_LIBRARY_DEBUG
         NAMES ${BOTAN_NAMES_DEBUG}
@@ -55,7 +55,7 @@ endif()
 
 if(BOTAN_FOUND)
     set(BOTAN_INCLUDE_DIRS ${BOTAN_INCLUDE_DIR})
-    if(MSVC)
+    if(WIN32 AND NOT MINGW)
         set(BOTAN_LIBRARIES optimized ${BOTAN_LIBRARY} debug ${BOTAN_LIBRARY_DEBUG})
     else()
         set(BOTAN_LIBRARIES ${BOTAN_LIBRARY})

cmake/FindPCSC.cmake

@@ -21,16 +21,38 @@ endif()
 
 if(NOT PCSC_FOUND)
    # Search for PC/SC headers on Mac and Windows
+
+   # Additional search paths for Windows if not running in Visual Studio environment
+   if (WIN32) 
+      # Resolve the ambiguity of using two names for one architecture
+      if(CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "x64")
+         set(ARCH_DIR "x64")
+      else()
+         set(ARCH_DIR "${CMAKE_SYSTEM_PROCESSOR}")
+      endif()
+
+      # Locate Windows SDK Paths
+      if (CMAKE_WINDOWS_KITS_10_DIR)
+         set(WINSDKROOTC_INCLUDE "${CMAKE_WINDOWS_KITS_10_DIR}/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um")
+         set(WINSDKROOTC_LIB     "${CMAKE_WINDOWS_KITS_10_DIR}/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}")
+      else()
+         set(WINSDKROOTC_INCLUDE "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/Include/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um")
+         set(WINSDKROOTC_LIB     "$ENV{ProgramFiles\(x86\)}/Windows Kits/10/LIB/${CMAKE_VS_WINDOWS_TARGET_PLATFORM_VERSION}/um/${ARCH_DIR}")
+      endif()
+   endif()
+
    find_path(PCSC_INCLUDE_DIRS winscard.h
       HINTS
-      ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES}
-      /usr/include/PCSC
+         ${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES}
+         /usr/include/PCSC
+         ${WINSDKROOTC_INCLUDE}
       PATH_SUFFIXES PCSC)
 
    # MAC library is PCSC, Windows library is WinSCard
    find_library(PCSC_LIBRARIES NAMES pcsclite libpcsclite WinSCard PCSC
       HINTS   
-      ${CMAKE_C_IMPLICIT_LINK_DIRECTORIES})
+         ${CMAKE_C_IMPLICIT_LINK_DIRECTORIES}
+         ${WINSDKROOTC_LIB})
 endif()
 
 include(FindPackageHandleStandardArgs)

cmake/FindQREncode.cmake

@@ -15,12 +15,12 @@
 
 find_path(QRENCODE_INCLUDE_DIR NAMES qrencode.h)
 
-if (VCPKG_INSTALLED_DIR)
-    find_library(QRENCODE_LIBRARY_RELEASE qrencode)
-    find_library(QRENCODE_LIBRARY_DEBUG qrencoded)
-    set(QRENCODE_LIBRARY optimized ${QRENCODE_LIBRARY_RELEASE} debug ${QRENCODE_LIBRARY_DEBUG})
+if(WIN32 AND NOT MINGW)
+	find_library(QRENCODE_LIBRARY_RELEASE qrencode)
+	find_library(QRENCODE_LIBRARY_DEBUG qrencoded)
+	set(QRENCODE_LIBRARY optimized ${QRENCODE_LIBRARY_RELEASE} debug ${QRENCODE_LIBRARY_DEBUG})
 else()
-    find_library(QRENCODE_LIBRARY qrencode)
+	find_library(QRENCODE_LIBRARY qrencode)
 endif()
 
 mark_as_advanced(QRENCODE_LIBRARY QRENCODE_INCLUDE_DIR)

cmake/MacOSCodesign.cmake.in

@@ -0,0 +1,102 @@
+#  Copyright (C) 2025 KeePassXC Team <team@keepassxc.org>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+# CPACK_PACKAGE_FILES is set only during POST_BUILD
+if(NOT CPACK_PACKAGE_FILES)     # PRE_BUILD: Sign binaries
+
+    set(PROGNAME "@PROGNAME@")
+    set(CODESIGN_IDENTITY "@WITH_XC_CODESIGN_IDENTITY@")
+    set(ENTITLEMENTS @MACOSX_BUNDLE_APPLE_ENTITLEMENTS@)
+    set(APP_DIR "${CPACK_TEMPORARY_INSTALL_DIRECTORY}/ALL_IN_ONE/${PROGNAME}.app")
+
+    if(NOT CODESIGN_IDENTITY)
+        message(FATAL_ERROR "No codesign identity specified.")
+    endif()
+
+    message(STATUS "Codesign identity used: ${CODESIGN_IDENTITY}")
+    message(STATUS "Signing ${PROGNAME}.app, this may take while...")
+
+    # Sign all binaries
+    execute_process(
+        COMMAND xcrun codesign --sign=${CODESIGN_IDENTITY} --force --options=runtime --deep ${APP_DIR}
+        RESULT_VARIABLE SIGN_RESULT
+        OUTPUT_VARIABLE SIGN_OUTPUT
+        ERROR_VARIABLE SIGN_ERROR
+        OUTPUT_STRIP_TRAILING_WHITESPACE
+        ERROR_STRIP_TRAILING_WHITESPACE
+        ECHO_OUTPUT_VARIABLE
+    )
+    if (NOT SIGN_RESULT EQUAL 0)
+        message(FATAL_ERROR "Signing binaries failed: ${SIGN_ERROR}")
+    endif()
+
+    # (Re-)Sign main executable with --entitlements
+    execute_process(
+        COMMAND xcrun codesign --sign=${CODESIGN_IDENTITY} --force --options=runtime --deep --entitlements=${ENTITLEMENTS} ${APP_DIR}
+        RESULT_VARIABLE SIGN_RESULT
+        OUTPUT_VARIABLE SIGN_OUTPUT
+        ERROR_VARIABLE SIGN_ERROR
+        OUTPUT_STRIP_TRAILING_WHITESPACE
+        ERROR_STRIP_TRAILING_WHITESPACE
+        ECHO_OUTPUT_VARIABLE
+    )
+    if (NOT SIGN_RESULT EQUAL 0)
+        message(FATAL_ERROR "Signing main binary failed: ${SIGN_ERROR}")
+    endif()
+
+    message(STATUS "${PROGNAME}.app signed successfully.")
+
+else()       # POST_BUILD: Notarize DMG
+    set(KEYCHAIN_PROFILE "@WITH_XC_NOTARY_KEYCHAIN_PROFILE@")
+    file(GLOB_RECURSE DMG_FILE "${CPACK_PACKAGE_DIRECTORY}/${CPACK_PACKAGE_FILE_NAME}.dmg")
+
+    if(NOT KEYCHAIN_PROFILE)
+        message(FATAL_ERROR "No notarization credentials keychain profile specified.")
+    endif()
+
+    # Submit for notarization
+    message(STATUS "Submitting DMG bundle for notarization, this may take while...")
+    execute_process(
+            COMMAND xcrun notarytool submit --keychain-profile=${KEYCHAIN_PROFILE} --wait ${DMG_FILE}
+            RESULT_VARIABLE NOTARIZE_RESULT
+            OUTPUT_VARIABLE NOTARIZE_OUTPUT
+            ERROR_VARIABLE NOTARIZE_ERROR
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+            ERROR_STRIP_TRAILING_WHITESPACE
+            ECHO_OUTPUT_VARIABLE
+    )
+    if (NOT NOTARIZE_RESULT EQUAL 0)
+        message(FATAL_ERROR "Notarization failed: ${NOTARIZE_ERROR}")
+    endif()
+    message(STATUS "DMG bundle notarized successfully.")
+
+    # Staple tickets
+    message(STATUS "Stapling notarization ticket...")
+    execute_process(
+            COMMAND xcrun stapler staple ${DMG_FILE} && xcrun stapler validate ${DMG_FILE}
+            RESULT_VARIABLE STAPLE_RESULT
+            OUTPUT_VARIABLE STAPLE_OUTPUT
+            ERROR_VARIABLE STAPLE_ERROR
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+            ERROR_STRIP_TRAILING_WHITESPACE
+            ECHO_OUTPUT_VARIABLE
+    )
+    if (NOT STAPLE_RESULT EQUAL 0)
+        message(FATAL_ERROR "Stapling failed: ${STAPLE_ERROR}")
+    endif()
+    message(STATUS "DMG bundle notarization ticket stapled successfully.")
+
+endif()

cmake/MakePortableZip.cmake

@@ -1,3 +0,0 @@
-if (CMAKE_INSTALL_PREFIX MATCHES "/ZIP/")
-  file(TOUCH "${CMAKE_INSTALL_PREFIX}/.portable")
-endif()

cmake/WindowsCodesign.cmake.in

@@ -0,0 +1,79 @@
+#  Copyright (C) 2025 KeePassXC Team <team@keepassxc.org>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+set(INSTALL_DIR ${CPACK_TEMPORARY_INSTALL_DIRECTORY})
+set(CODESIGN_IDENTITY @WITH_XC_CODESIGN_IDENTITY@)
+set(TIMESTAMP_URL @WITH_XC_CODESIGN_TIMESTAMP_URL@)
+
+if(CPACK_PACKAGE_FILES) 
+    # This variable is set only during POST_BUILD, reset SIGN_FILES first
+    set(SIGN_FILES "")
+    foreach(PACKAGE_FILE ${CPACK_PACKAGE_FILES})
+        # Check each package file to see if it can be signed
+        if(PACKAGE_FILE MATCHES "\\.msix?$" OR PACKAGE_FILE MATCHES "\\.exe$")
+            message(STATUS "Adding ${PACKAGE_FILE} for signature")
+            list(APPEND SIGN_FILES "${PACKAGE_FILE}")
+        endif()
+    endforeach()
+else()
+    # Setup portable zip file if building one
+    if(INSTALL_DIR MATCHES "/ZIP/")
+        file(TOUCH "${INSTALL_DIR}/.portable")
+        message(STATUS "Injected portable marker into ZIP file.")
+    endif()
+
+    # Find all dll and exe files in the install directory
+    file(GLOB_RECURSE SIGN_FILES
+            RELATIVE "${INSTALL_DIR}"
+            "${INSTALL_DIR}/*.dll"
+            "${INSTALL_DIR}/*.exe"
+    )
+endif()
+
+# Sign relevant binaries if requested
+if(CODESIGN_IDENTITY AND SIGN_FILES)
+    # Find signtool in PATH or error out
+    find_program(SIGNTOOL signtool.exe QUIET)
+    if(NOT SIGNTOOL)
+        message(FATAL_ERROR "signtool.exe not found in PATH, correct or unset WITH_XC_CODESIGN_IDENTITY")
+    endif()
+
+    # Check that a certificate thumbprint was provided or error out
+    if(CODESIGN_IDENTITY STREQUAL "auto")
+        message(STATUS "Signing using best available certificate.")
+        set(CERT_OPTS /a)
+    else ()
+        message(STATUS "Signing using certificate with fingerprint ${CODESIGN_IDENTITY}.")
+        set(CERT_OPTS /sha1 ${CODESIGN_IDENTITY})
+    endif()
+
+    message(STATUS "Signing binary files, this may take a while...")
+    # Use cmd /c to enable pop-up for pin entry if needed
+    execute_process(
+            COMMAND cmd /c ${SIGNTOOL} sign /fd SHA256 ${CERT_OPTS} /tr ${TIMESTAMP_URL} /td SHA256 /d ${CPACK_PACKAGE_FILE_NAME} ${SIGN_FILES}
+            WORKING_DIRECTORY "${INSTALL_DIR}"
+            RESULT_VARIABLE SIGN_RESULT
+            OUTPUT_VARIABLE SIGN_OUTPUT
+            ERROR_VARIABLE SIGN_ERROR
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+            ERROR_STRIP_TRAILING_WHITESPACE
+            ECHO_OUTPUT_VARIABLE
+    )
+    if(NOT SIGN_RESULT EQUAL 0)
+        message(FATAL_ERROR "Signing binary files failed: ${SIGN_ERROR}")
+    endif()
+
+    message(STATUS "Binary files signed successfully.")
+endif()

codecov.yaml

@@ -1,8 +1,27 @@
+codecov:
+  require_ci_to_pass: false
 coverage:
   range: 60..80
   round: nearest
   precision: 2
+  status:
+    project:
+      default:
+        target: auto
+        threshold: 0.5%
+        paths:
+          - "src"
+    patch:
+      default:
+        target: 50%
+        threshold: 0%
+        informational: true
+        paths:
+          - "src"
 fixes:
   - "*/src/::"
+ignore:
+  - "src/gui/styles/**"
+  - "src/thirdparty/**"
 comment:
   require_changes: true

docs/GettingStarted.adoc

@@ -7,6 +7,7 @@ KeePassXC Team <team@keepassxc.org>
 :imagesdir: images
 :stylesheet: styles/dark.css
 :toc: left
+:experimental:
 ifdef::backend-pdf[]
 :title-page:
 :title-logo-image: {imagesdir}/kpxc_logo.png
@@ -26,8 +27,8 @@ include::topics/DownloadInstall.adoc[tags=*;!advanced]
 
 include::topics/UserInterface.adoc[tags=*;!advanced]
 
-include::topics/PasswordGenerator.adoc[tags=*;!advanced]
-
 include::topics/DatabaseOperations.adoc[tags=*;!advanced]
 
-include::topics/BrowserPlugin.adoc[tags=*;!advanced]
+include::topics/PasswordGenerator.adoc[tags=*;!advanced]
+
+include::topics/BrowserIntegration.adoc[tags=*;!advanced]

docs/UserGuide.adoc

@@ -6,6 +6,8 @@ KeePassXC Team <team@keepassxc.org>
 :imagesdir: images
 :stylesheet: styles/dark.css
 :toc: left
+:sectanchors:
+:experimental:
 ifdef::backend-pdf[]
 :title-page:
 :title-logo-image: {imagesdir}/kpxc_logo.png
@@ -23,15 +25,19 @@ include::topics/UserInterface.adoc[tags=*]
 
 include::topics/DatabaseOperations.adoc[tags=*]
 
-include::topics/ImportExport.adoc[tags=*]
-
 include::topics/PasswordGenerator.adoc[tags=*]
 
-include::topics/BrowserPlugin.adoc[tags=*]
+include::topics/ImportExport.adoc[tags=*]
+
+include::topics/KeeShare.adoc[tags=*]
+
+include::topics/BrowserIntegration.adoc[tags=*]
+
+include::topics/Passkeys.adoc[tags=*]
 
 include::topics/AutoType.adoc[tags=*]
 
-include::topics/KeeShare.adoc[tags=*]
+include::topics/SecretService.adoc[tags=*]
 
 include::topics/SSHAgent.adoc[tags=*]
 

docs/man/keepassxc.1.adoc

@@ -49,6 +49,9 @@ Your wallet works offline and requires no Internet connection.
 *--pw-stdin*::
   Read password of the database from stdin.
 
+*--minimized*::
+  Starts KeePassXC minimized to the system tray.
+
 *--debug-info*::
   Displays debugging information.
 

docs/styles/dark.css

@@ -180,7 +180,7 @@ body.toc2.toc-right{padding-left:0;padding-right:20em}}
 .sect1{padding-bottom:1.25em}}
 .sect1:last-child{padding-bottom:0}
 .sect1+.sect1{border-top:1px solid #efefed}
-#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
+#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:2.0ex;margin-left:-1.8ex;margin-top:0.08ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
 #content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
 #content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
 #content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}

docs/topics/.sharedheader

@@ -4,3 +4,4 @@ KeePassXC Team <team@keepassxc.org>
 :stylesheet: ../styles/dark.css
 :icons: font
 :toc: left
+:experimental:

docs/topics/AutoType.adoc

@@ -24,20 +24,22 @@ You can also set the time to remember the last used entry between presses of the
 === Configure Auto-Type Sequences
 Each entry in your database can have multiple Auto-Type sequences associated with various window titles. Simulated key presses can be sent to any other currently open window of your choice (web browser windows, login dialogs boxes, and so on). When the Global Auto-Type hotkey is pressed, KeePassXC will search your database for entries matching the current selected window title.
 
-NOTE: The default Auto-Type sequence is `{USERNAME}{TAB}{PASSWORD}{ENTER}`. This means that it first types the username of the selected entry, then presses the `Tab` key, then types the password of the entry and finally presses the `Enter` key.
+NOTE: The default Auto-Type sequence is `{USERNAME}{TAB}{PASSWORD}{ENTER}`. This means that it first types the username of the selected entry, then presses the kbd:[Tab] key, then types the password of the entry and finally presses the kbd:[Enter] key.
 
 TIP: To change the default Auto-Type sequence for all entries of your database, edit the root (top-most) group of your database and set a specific sequence. Child groups and entries will inherit this sequence by default.
 
 To configure Auto-Type sequences for your entries, perform the following steps:
 
-1.	Navigate to the entries list and open the desired entry for editing. Click the _Auto-Type_ item from the left-hand menu bar *(1)*. Press the `+` button *(2)* to add a new sequence entry. Select the desired window using the drop-down menu, or simply type a window title in the box *(3)*.
+1.	Navigate to the entries list and open the desired entry for editing. Click the _Auto-Type_ item from the left-hand menu bar *(1)*. Press the kbd:[+] button *(2)* to add a new sequence entry. Select the desired window using the drop-down menu, or simply type a window title in the box *(3)*.
 +
-TIP: You can use an asterisk (`\*`) to match any value (e.g., when a window title contains a dynamic filename or website name). Set the window title to `*` to match all windows. Leave the window title blank to offer additional default Auto-Type sequences, such as custom attributes.
+TIP: You can use an asterisk (`\*`) as a wildcard (e.g., when a window title contains a dynamic file or website name). Set the window title to `*` to match all windows. Leave the window title blank to offer additional sequences for every matching window. This is useful for typing individual custom attributes, for example.
++
+TIP: To use a standard regular expression for window title matching, the window title must start and end with two forward slashes (e.g., `//^Secure Login - .*$//`).
 +
 .Auto-Type entry sequences
 image::autotype_entry_sequences.png[]
 
-2. _(Optional)_ Define a custom Auto-Type sequence for each window title match by selecting the _Use specific sequence for this association_ checkbox. Sequence action codes and field placeholders are detailed in the following table. Beyond the most important ones detailed below, there are additional action codes and placeholders available: xref:UserGuide.adoc#_auto_type_actions[Auto-Type Actions Reference] and xref:UserGuide.adoc#_entry_placeholders[Entry Placeholders Reference]. Action codes and placeholders are not case sensitive.
+2. _(Optional)_ Define a custom Auto-Type sequence for each window title match by selecting the _Use specific sequence for this association_ checkbox. Sequence action codes and field placeholders are detailed in the following table. Beyond the most important ones detailed below, there are additional action codes and placeholders available: <<Auto-Type Actions, Auto-Type Actions Reference>> and <<Entry Placeholders, Entry Placeholders Reference>>. Action codes and placeholders are not case sensitive.
 +
 [grid=rows, frame=none, width=90%]
 |===
@@ -60,7 +62,7 @@ image::autotype_entry_sequences.png[]
 |Press the corresponding keyboard key
 
 |{UP}, {DOWN}, {LEFT}, {RIGHT}  |Press the corresponding arrow key
-|{LEFTBRACE}, {RIGHTBRACE}      |Press `{` or `}`, respectively
+|{LEFTBRACE}, {RIGHTBRACE}      |Press kbd:[{] or kbd:[}], respectively
 |{&lt;KEY&gt; X}     |Repeat &lt;KEY&gt; X times (e.g., {SPACE 5} inserts five spaces)
 |{DELAY=X}     |Set delay between key presses to X milliseconds
 |{DELAY X}     |Pause typing for X milliseconds
@@ -89,7 +91,7 @@ When you press the global Auto-Type hotkey, KeePassXC searches all unlocked data
 .Auto-Type sequence selection
 image::autotype_selection_dialog.png[,70%]
 
-Perform the selected Auto-Type sequence by double clicking the desired row or pressing _Enter_. Press the up and down arrows to navigate the list. Sequences can be filtered through the text edit field.
+Perform the selected Auto-Type sequence by double clicking the desired row or pressing kbd:[Enter]. Press the up and down arrows to navigate the list. Sequences can be filtered through the text edit field.
 
 .Auto-Type search database
 image::autotype_selection_dialog_search.png[,70%]
@@ -104,7 +106,7 @@ The option to type just the username, password, or current TOTP value is availab
 TIP: On Windows, you will see an option to use a virtual keyboard in this sub-menu. This is an experimental feature that allows you to type into virtual machines by simulating actual keyboard presses. Some international keyboards may be unsupported due to limitations in the Windows API.
 
 === Performing Entry-Level Auto-Type
-You can quickly activate the default Auto-Type sequence for a particular entry using Entry-Level Auto-Type. For this operation, the KeePassXC window will be minimized and the Auto-Type sequence occurs in the previously selected window. You can perform Entry-Level Auto-Type from the toolbar icon *(A)*, entry context menu *(B)*, or by pressing `Ctrl+Shift+V`.
+You can quickly activate the default Auto-Type sequence for a particular entry using Entry-Level Auto-Type. For this operation, the KeePassXC window will be minimized and the Auto-Type sequence occurs in the previously selected window. You can perform Entry-Level Auto-Type from the toolbar icon *(A)*, entry context menu *(B)*, or by pressing kbd:[Ctrl+Shift+V].
 
 WARNING: Be careful when using Entry-Level Auto-Type as you can inadvertently type into the wrong window. For example, a chat window or email.
 

docs/topics/BrowserIntegration.adoc

@@ -3,7 +3,7 @@ include::.sharedheader[]
 :imagesdir: ../images
 
 // tag::content[]
-== Setup Browser Integration
+== Browser Integration
 The KeePassXC-Browser extension is installed within your web browser so that you can automatically pull usernames and passwords from KeePassXC and populate them directly into website fields. It is a very useful and secure extension that enhances your productivity while using KeePassXC. With this extension, you do not need to manually copy the data from your KeePassXC database and paste it into the website fields.
 
 The KeePassXC-Browser extension is available on the following web browsers:
@@ -13,11 +13,13 @@ The KeePassXC-Browser extension is available on the following web browsers:
 * Microsoft Edge
 * Chromium
 
+NOTE: On Linux, Flatpak and Snap based browsers are generally not supported. Ubuntu's Firefox Snap is currently the only known exception. 
+
 === Install the Browser Extension
 You can download the KeePassXC-Browser extension from your web browser. To download the KeePassXC-Browser extension, perform the following steps:
 
 1. Click the link corresponding to your browser:
-  * https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk[Chrome, Chromium, Vivaldi, and Brave]
+  * https://chromewebstore.google.com/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk[Chrome, Chromium, Vivaldi, and Brave]
   * https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser[Mozilla Firefox and Tor-Browser]
   * https://microsoftedge.microsoft.com/addons/detail/keepassxcbrowser/pdffhmdngciaglkoonimfcmckehcpafo[Microsoft Edge]
 
@@ -66,9 +68,10 @@ The KeePassXC-Browser extension lets you automatically populate the entries from
 
 2. Open your web browser. The KeePassXC-Browser extension icon in your browser window will change based on its connection state. The figure below shows the different states.
 +
-*(A)* KeePassXC is not running or is disconnected +
-*(B)* Connected to KeePassXC, but database is locked +
-*\(C)* Connected to KeePassXC and ready to use
+*(A)* KeePassXC is not running or is disconnected. +
+*(B)* KeePassXC is running, but KeePassXC Browser Extension is not connected to the current database. +
+*\(C)* Connected to KeePassXC, but database is locked. +
+*(D)* Connected to KeePassXC and ready to use. If the icon is shown with a number, it indicates the number of credentials found for the current site.
 +
 .Extension Icon States
 image::browser_extension_icons.png[,70%]
@@ -90,18 +93,60 @@ image::browser_confirm_access_dialog.png[,80%]
 .Fill Credentials
 image::browser_fill_credentials.png[,80%]
 
-// tag::advanced[]
-=== Browser statistics
-You can see a cross-section of all browser-related settings applied to entries within a database through the Browser Statistics report. To access these, use the _Database_ -> _Database reports..._ menu option then click on _Browser Statistics_ on the left-hand menu. From here you can see all entries with URLs applied to them, explicitly allowed and denied URLs, and any entries with custom browser settings.
+=== Generate Passwords
+The KeePassXC-Browser Extension also lets you generate passwords directly in your browser. 
+This feature can be used for websites with existing credentials as well as for new websites. 
+You can then choose to update/add the credentials to your KeePassXC database directly from the Browser.
 
-.Browser statistics
+1. Ensure your database is unlocked and configured to use the Browser extension as shown above.
+
+2. Right click on a password field and from the KeePassXC sub-menu choose _Show Password Generater_. The standard KeePassXC password generator will appear.
+
+3. Configure the password generation options and click _Apply Password_ when done. The generated password will be filled into the previously selected field.
+
+4. When you have succussfully submitted the password on the website, a popup will appear asking you to either udpate an existing entry or add a new one.
+
+// tag::advanced[]
+=== Browser Integration Report
+You can see a cross-section of all browser-related settings applied to entries within a database through the Browser Statistics report. To access, use the _Database_ -> _Database reports..._ menu option then click on _Browser Statistics_ on the left-hand menu. From here you can see all entries with URLs applied to them, explicitly allowed and denied URLs, and any entries with custom browser settings.
+
+TIP: You can delete remembered site settings from the report by right clicking the entry you want to reset and selecting "Delete plugin data from entry".
+
+.Browser Integration Report
 image::browser_statistics.png[]
 
+=== Additional Fill-In Fields
+Sometimes login pages have additional fields you would like to fill (e.g., account number). Use the following instructions to add them:
+
+1. Edit the entry you want to add fields to. Go to the advanced tab and add the attributes you need. Each attribute *must start with* `KPH:`, but otherwise the name does not matter. If multiple KPH attributes are defined, they are used in alphabetical order (i.e., the order shown in KeePassXC).
+2. Within the browser, navigate to the page you want to use the additional fields on. Select the "Choose Custom Login Fields" button from the extension popup window. Choose Username, Password and String Field(s). Confirm the selections.
+3. Refresh the web page. The new KPH attribute(s) should be filled to the extra fields.
+
+.String Fields Selection in Browser
+image:browser_integration_additional_attribute.png[]
+
+=== Clearing Remembered Sites
+Entries that you have chosen to remember allow/deny rules are stored in their respect custom data fields. You can clear all of these remembered settings at once through the database settings. Follow these steps:
+
+1. Go to *Database* → *Database Settings* or click the database settings icon in the toolbar.
+2. Go to the *Browser Integration* tab, then click on the *Forget all site-specific settings on entries* button. 
+3. Confirm this action in the popup dialog. This cannot be undone once the database is saved. 
++
+.Clear Remembered Sites
+image::browser_integration_clear_sites.png[,100%]
+
 === Advanced Usage
 You can configure unique browser integration behavior for each entry. This allows you to add multiple URLs to an entry, hide an entry from the browser integration, and more. To access these settings, open an entry for editing then click on _Browser Integration_ option in the left-hand menu *(1)*.
 
 After opening the settings you can add any number of additional URLs by clicking the _Add_ button *(2)* and typing the URL in the list to the left *(3)*.
 
+Additional URLs also supports wildcards (with KeePassXC 2.7.10 and later). You can use URLs like:
+----
+https://*.example.com
+https://example.com/*/path
+https://sub.*.example.com/path/*
+----
+
 .Entry browser settings
 image::browser_entry_settings.png[]
 
@@ -123,8 +168,23 @@ WARNING: We do not recommend changing any of these settings as they may break th
 image::browser_advanced_settings.png[]
 
 === Advanced Setup
+==== Custom Browser option
+It is possible to enable support for a custom browser (e.g. LibreWolf, WaterFox, Arc, beta and nightly browsers, etc.) using this feature.
+This feature is only available for Linux and macOS.
+
+.Custom browser configuration
+image::browser_custom_browser_configuration.png[]
+
+The native messaging script file needed for the custom browser depends on the browser type. For Firefox based browsers like Librefox the _Browser type_ must be _Firefox_. For Arc, Opera, etc. the type must be set to _Chromium_.
+
+_Config location_ must have the exact path for the browser's _native-messaging-hosts_ folder. If you are unsure, refer to our https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide#1-after-enabling-browser-integration-and-support-for-your-browser[Troubleshooting Guide] for listing of the most common paths, and a few ways for finding a path when it's not known.
+
+When a Custom Browser has been successfully set, KeePassXC will automatically write the needed native messaging script file to the folder.
+
+If you wish to support multiple custom browsers, you can copy the native messaging script files manually to the _native-messaging-hosts_ folder from other browsers.
+
 ==== Managed Microsoft Edge on Windows
-1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to, for example, `C:\ProgramData\KeepassXC` on all managed platforms.
+1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to, for example, `C:\ProgramData\KeePassXC\` on all managed platforms.
 +
 ----
 {
@@ -138,7 +198,7 @@ image::browser_advanced_settings.png[]
 }
 ----
 
-2. Configure GPO options (registry result):
+2. Configure GPO options (see https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#native-messaging[Microsoft Edge Native Messaging Policies] for more information.):
 +
 ----
 Windows Registry Editor Version 5.00
@@ -154,5 +214,10 @@ Windows Registry Editor Version 5.00
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\NativeMessagingAllowlist]
 "1"="org.keepassxc.keepassxc_browser"
 ----
+
+==== Managed Microsoft Edge on macOS
+1. Deploy *org.keepassxc.keepassxc_browser_edge.json* to `/Library/Microsoft/Edge/NativeMessagingHosts`.
+
+2. You may need to configure Edge to allowlist the extension and native messaging host. See https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#native-messaging[Microsoft Edge Native Messaging Policies] for more information.
 // end::advanced[]
 // end::content[]

docs/topics/DatabaseOperations.adoc

@@ -36,6 +36,13 @@ NOTE: Keep this password for your database safe. Either memorize it or note it d
 
 5. Click Done. You will be prompted to select a location to save your database file. The database file is saved on to your computer with the default `.kdbx` extension. You can store your database wherever you wish, it is fully encrypted at all times preventing unauthorized access.
 
+=== Storing Your Database
+The database file that you create might contain highly sensitive data and must be stored in a very secure way. You must make sure that the database is always protected with a strong and long password. The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service.
+
+Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of all your information (including all your passwords!) and a lot of inconvenience to manually retrieve your logins for various web applications. Do not share the credentials to access your database file with anyone unless you absolutely trust them (spouse, child, etc.).
+
+TIP: You can safely store your database file in the cloud (OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc.). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion.
+
 === Opening an Existing Database
 To open an existing database, perform the following steps:
 
@@ -51,9 +58,11 @@ image::unlock_database.png[]
 
 3. Enter the password for your database.
 
-4. _(Optional)_ Browse for the Key File if you have chosen it as an additional authentication factor while creating the database. Refer to the KeePassXC User Guide for more information on setting a Key File as an additional authentication factor.
+4. _(Optional)_ Click *I have a key file (A)* if you have one as an additional authentication factor for your database.
 
-5. Click *OK*. The database opens and the following screen is displayed:
+5. _(Optional)_ Plug in your configured YubiKey or OnlyKey to use it as an additional authentication factor. If you don't see it listed, press the refresh button *(B)*.
+
+6. Click *OK*. The database opens and the following screen is displayed:
 +
 .Unlocked database
 image::database_view.png[]
@@ -66,35 +75,24 @@ NOTE: On Windows, you will be prompted to authenticate to Windows Hello after un
 .Windows Hello example
 image::quick_unlock_windows_hello.png[]
 
-When your database is locked, you will see the following unlock dialog. Simply press _Enter_ or click on _Unlock Database_ to initiate the biometric authentication process. If you are using a hardware key (e.g. Yubikey), it must be connected to your computer to complete the unlock.
+When your database is locked, you will see the following unlock dialog. Simply press kbd:[Enter] or click on _Unlock Database_ to initiate the biometric authentication process. If you are using a hardware key (e.g. Yubikey), it must be connected to your computer to complete the unlock.
 
 .Quick Unlock
 image::quick_unlock.png[]
 
 // tag::advanced[]
-=== Expired Entries
-By default, KeePassXC will show entries that are expired or will be expiring within 3 days after unlocking the database. This feature allows you to change your passwords before they expire and be aware of passwords that are no longer valid. You can disable or change this feature in the Application Settings.
+NOTE: By default, KeePassXC will show entries that are expired or will be expiring within 3 days after unlocking the database. This feature allows you to change your passwords before they expire and be aware of passwords that are no longer valid. You can disable or change this feature in the Application Settings.
 
-=== Advanced Save Options
-There are three ways that KeePassXC can handle database files. This behavior is set in the Application Settings under _File Operations_.
-
-1. _(Default)_ *Safe saves* create a temporary database file alongside the existing one and atomically move it into place when all writing is complete. This prevents database corruption in the case of application crashes, loss of power, or other interruptions.
-
-2. *Temporary file saves* create a database in the temporary files folder. This database is then moved into place overtop of the existing file. Although rare, interruptions in this move process could leave your database in an unknown state. This option is useful for overcoming poorly behaved cloud sync tools.
-
-3. *Direct-write saves* write directly to the existing database file. This is an unsafe operation since any interruption can leave your entire database inaccessible. We only recommend using this option when interfacing with Linux GVFS services (e.g. Google Cloud on Gnome) and other types of storage services that host a virtual drive system.
-
-In addition to these save options, KeePassXC can create a backup of your existing database file just prior to saving. This backup will be saved at the path specified in the *Backup destination* field. This path can be absolute or relative. The latter will be resolved according to the databases path. It is possible to specify a custom naming scheme with placeholders. See xref:UserGuide.adoc#_backup_path_placeholders[Backup Path Placeholders] for available placeholders and examples.
-
-image::save_options.png[]
 // end::advanced[]
+=== Entry Handling
+Entries in KeePassXC are the fundamental units where all your sensitive information is stored. Each entry can contain various fields such as usernames, passwords, URLs, attachments, and notes. You can create, edit, clone, and delete entries as needed. Additionally, KeePassXC supports advanced features like TOTP for two-factor authentication, custom attributes, and entry history to track changes over time. Proper management of entries ensures that your data is organized, secure, and easily accessible when needed.
 
-=== Adding an Entry
+==== Adding an Entry
 All the details such as usernames, passwords, URLs, attachments, notes, and so on are stored in database entries. You can create as many entries as you want in the database.
 
 To add an entry, perform the following step:
 
-1. Navigate to Entries > New Entry (Or, press Ctrl+N). The following screen appears:
+1. Navigate to Entries > New Entry (or press kbd:[Ctrl+N]). The following screen appears:
 +
 .Adding a new entry
 image::edit_entry.png[]
@@ -112,18 +110,18 @@ image::edit_entry.png[]
 
 5. Click *OK* to add the entry to your database.
 
-=== Editing an Entry
+==== Editing an Entry
 To edit the details in an entry, perform the following steps:
 
 1. Select the entry you want to edit.
 
-2. Press `Enter`, click the edit toolbar icon, or right-click and select Edit Entry from the menu.
+2. Press kbd:[Enter], click the edit toolbar icon, or right-click and select Edit Entry from the menu.
 
 3. Make the desired changes.
 
 4. Click *OK*.
 
-=== Adding TOTP to an Entry
+==== Adding TOTP to an Entry
 Timed One-Time Passwords (TOTP) are a popular choice for two-factor authentication methods. These codes are typically six digits long and change every 30 seconds. They are derived from a shared secret value and the current time. Once set up, KeePassXC can calculate TOTP codes like any authenticator app, such as Google Authenticator. The codes can be used with copy/paste, browser extension, and Auto-Type.
 
 TIP: Your computer time must be synchronized with an internet time source to generate valid TOTP codes, https://www.nist.gov/pml/time-and-frequency-division/time-distribution/internet-time-service-its[read more here].
@@ -145,24 +143,34 @@ After an entry is configured with TOTP, you will see a clock icon in that entry'
 .TOTP Usage
 image::totp_usage_examples.png[]
 
-=== Deleting an Entry
+==== Entry Icons
+You can select an icon to be displayed with each entry for easy identification. KeePassXC comes with a set of default icons that you can use or you can use your own custom icons. If you defined a URL with an entry, you can also download the favorite icon for that particular website.
+
+NOTE: To delete a custom icon, go to <<Database Maintenance>> where you can purge unused icons and delete one or more icons at a time.
+
+.Entry icon selection
+image::edit_entry_icons.png[]
+
+TIP: Each KeePass application has different default icons. If you use a mobile app or KeePass2, be aware that the default icons may not be exactly correspond to the KeePassXC icons.
+
+==== Deleting an Entry
 To delete an entry, perform the following steps:
 
-1. Select the entry you want to delete and press the `Delete` button on your keyboard.
+1. Select the entry you want to delete and press the kbd:[Del] button on your keyboard.
 
 2. You will be prompted to move the entry to the Recycle Bin (if enabled).
 +
 NOTE: You can disable the recycle bin within the Database Settings. If the recycle bin is disabled then deleted entries will be permanently removed from the database.
 
-3. To permanently delete the entry, navigate to the Recycle Bin, select the entry you want to delete and press the `Delete` button on your keyboard.
+3. To permanently delete the entry, navigate to the Recycle Bin, select the entry you want to delete and press the kbd:[Del] button on your keyboard.
 
 // tag::advanced[]
-=== Clone an Entry
+==== Clone an Entry
 Creating a clone of an entry provides you a ready-to-use template for creating new entries with similar details of a master entry.
 
 To create a clone of an existing entry, perform the following steps:
 
-1.	Right-click on the entry for which you want to create a clone and select _Clone Entry_. Alternatively, select the desired entry and press `Ctrl+K`.
+1.	Right-click on the entry for which you want to create a clone and select _Clone Entry_. Alternatively, select the desired entry and press kbd:[Ctrl+K].
 +
 .Clone entry from context menu
 image::clone_entry.png[]
@@ -180,12 +188,73 @@ image::clone_entry_dialog.png[,50%]
 .References in a cloned entry
 image::clone_entry_references.png[]
 
-4. You can create your own references using the xref:UserGuide.adoc#_entry_cross_reference[Entry Reference Syntax]
+4. You can create your own references using the <<Entry Cross-Reference, Entry Reference Syntax>>
 
-== Searching the Database
-KeePassXC provides an enhanced and granular search features the enables you to search for specific entries in the databases using the different modifiers, wild card characters, and logical operators.
+==== Entry URL Handling
+KeePassXC can handle URLs in various ways. Standard URLs will be opened in your default browser. URLs that start with schemas handled by your Operating System will launch the associated application, for example `ftp://` or `ssh://`. You can also use the following URL schemas to perform specific actions:
 
-=== Modifiers and Fields
+|===
+|Schema    | Example   | Description
+
+|cmd://
+|`cmd://ssh {USERNAME}@example.com -p 2222`
+|Launches the specified command line executable with the specified arguments. The executable must be present on your PATH or an absolute path must be specified.
+
+|kdbx://
+|`kdbx://~/dbs/passwords.kdbx`
+|Opens the specified database file. Set the entry's username to the keyfile path (if required) and password to the database password. The database will open in a new tab.
+
+|===
+
+=== Advanced Entry Handling
+KeePassXC offers several advanced options for managing your database entries. Additional Attributes allow you to store extra information required by some applications and websites. Attachments enable you to attach files to entries, stored as encrypted binaries, which can be previewed directly in the application (text and images). Icons can be selected or downloaded for easy identification of entries. The Properties section lets you view basic properties such as creation, modification, and last accessed times, and retrieve an entry's UUID for references. KeePassXC also maintains a history of changes to entries, allowing you to view, restore, or delete previous versions of an entry.
+
+==== Additional Attributes
+A lot of applications and web sites now require providing additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:<ATTR_NAME>}` action code.
+
+To protect an attribute from being displayed by default, activate the _Protect_ checkbox *(A)*. To show the contents of the attribute while keeping it protected, press the _Reveal_ button *(B)*.
+
+.Additional attributes example
+image::edit_entry_attributes.png[]
+
+==== Attachments
+You can attach files to any entry in your database by pressing the _Add_ button *(A)*. These files are added to the database and stored as encrypted binaries. You can open, save, or delete attachments from this interface *(B)*.
+
+NOTE: When you try to open the attached file, KeePassXC extracts the attachment to a temporary file and opens it using the default application associated with the file type. After finishing viewing or editing the file, you can choose between importing or discarding the changes that you made to the temporary file. KeePassXC securely deletes the temporary file by overwriting it.
+
+.Attachments interface
+image::edit_entry_attachments.png[]
+
+==== Foreground and Background Color
+You can change the foreground *(A)* and/or background *(B)* color that this entry will use in the entry lists. Click the corresponding box to open the color picker dialog.
+
+.Color picker dialog
+image::edit_entry_colors.png[]
+
+==== Properties
+KeePassXC lets you view the basic properties such as date and time of creation, modification, and when last accessed. This is also where you can retrieve an entry's UUID for use in references.
+
+.Entry properties view
+image::edit_entry_properties.png[]
+
+==== History
+KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made. The age of the history item, the changes that were made, and the entry's size are shown in the table view.
+
+ * Show: Display this history item for review, a read-only copy of the entry will be shown.
+ * Restore: Reinstate the selected history item as the active entry details.
+ * Delete: Delete the selected history item.
+ * Delete All: Delete the entire history for this entry.
+
+.Entry history view
+image::edit_entry_history.png[]
+
+NOTE: Restoring an old history item will store the current entry settings as a new history item.
+
+// end::advanced[]
+=== Search
+KeePassXC provides a robust search that enables you to find specific entries in the databases using different modifiers, wild card characters, and logical operators. By default, search considers the following fields when matching your query: Title, Username, URL, Tags, and Notes. To include other fields and/or narrow your search to specific fields, you can use the search syntax described below.
+
+==== Modifiers and Fields
 [grid=rows, frame=none, width=70%]
 |===
 |Modifier   |Description
@@ -201,14 +270,15 @@ The following fields can be searched along with their abbreviated name in parent
 * Title (t)
 * Username (u)
 * Password (p, pw)
-* URL
+* URL (url)
 * Notes (n)
 * Attribute names and values (attr)
 * Attachment (attach)
 * Group (g)
+* Tags (tag)
 * Entry State (is:expired, is:weak)
 
-=== Wild Card Characters and Logical Operators
+==== Wild Card Characters and Logical Operators
 [grid=rows, frame=none, width=70%]
 |===
 |Wild Card Character    |Description
@@ -218,7 +288,7 @@ The following fields can be searched along with their abbreviated name in parent
 |\|	                    |Logical OR
 |===
 
-=== Sample Search Queries
+==== Sample Search Queries
 The following tables lists a few samples search queries for your reference:
 
 |===
@@ -236,63 +306,39 @@ The following tables lists a few samples search queries for your reference:
 |`+attr:mystring123`
 |Searches all additional attributes for any name OR value equal to mystring123.
 
+|`+tag:personal`
+| Search exactly for the 'personal' tag and do not include tags such as 'my personal'.
+
 |`is:expired is:weak`
 |Searches for all expired entries with weak passwords.
 |===
 
-== Advanced Entry Options
-=== Additional Attributes
-A lot of applications and web sites now require providing additional information when you create accounts. The additional information is used to block hackers if any suspicious activity is detected. In addition, the additional information you provide can be used to reset passwords if you forget them. You can also store arbitrary information here that can be copied to the clipboard or Auto-Typed using the `{S:<ATTR_NAME>}` action code.
+// tag::advanced[]
+=== Merging Databases
+KeePassXC allows you to merge entries from one database into another through the _Database_ -> _Merge From Database_ menu item. When merging, entries from the specified database will be imported into your currently open database. The merge process compares entries based on their unique identifiers (UUIDs) and modified timestamp. When an entry UUID matches, no matter which group it is in, the most recently modified version will be made the current and the previous version will be placed into the entry's history. Any new entries and/or groups will be added to the open database. This feature is useful for consolidating multiple databases or synchronizing databases from conflict files in a cloud storage system.
 
-To protect an attribute from being displayed by default, activate the _Protect_ checkbox *(A)*. To show the contents of the attribute while keeping it protected, press the _Reveal_ button *(B)*.
+NOTE: When you delete entries, a record of that deletion (the entry UUID) is stored to prevent that entry from reappearing from a merge operation. An existing entry that has the same UUID as a deleted item will be removed from the database without prompt.
 
-.Additional attributes example
-image::edit_entry_attributes.png[]
+=== Advanced Save Options
+There are three ways that KeePassXC can handle database files. This behavior is set in the Application Settings under _File Operations_.
 
-=== Attachments
-You can attach files to any entry in your database by pressing the _Add_ button *(A)*. These files are added to the database and stored as encrypted binaries. You can open, save, or delete attachments from this interface *(B)*.
+1. _(Default)_ *Safe saves* create a temporary database file alongside the existing one and atomically move it into place when all writing is complete. This prevents database corruption in the case of application crashes, loss of power, or other interruptions.
 
-NOTE: When you try to open the attached file, KeePassXC extracts the attachment to a temporary file and opens it using the default application associated with the file type. After finishing viewing or editing the file, you can choose between importing or discarding the changes that you made to the temporary file. KeePassXC securely deletes the temporary file by overwriting it.
+2. *Temporary file saves* create a database in the temporary files folder. This database is then moved into place overtop of the existing file. Although rare, interruptions in this move process could leave your database in an unknown state. This option is useful for overcoming poorly behaved cloud sync tools.
 
-.Attachments interface
-image::edit_entry_attachments.png[]
+3. *Direct-write saves* write directly to the existing database file. This is an unsafe operation since any interruption can leave your entire database inaccessible. We only recommend using this option when interfacing with Linux GVFS services (e.g. Google Cloud on Gnome) and other types of storage services that host a virtual drive system.
 
-=== Foreground and Background Color
-You can change the foreground *(A)* and/or background *(B)* color that this entry will use in the entry lists. Click the corresponding box to open the color picker dialog.
+=== Database Backup Options
+In addition to these save options, KeePassXC can create a backup of your existing database file just prior to saving. This backup will be saved at the path specified in the *Backup destination* field. This path can be absolute or relative. The latter will be resolved according to the databases path. It is possible to specify a custom naming scheme with placeholders. See <<Backup Path Placeholders, Backup Path Placeholders>> for available placeholders and examples.
 
-.Color picker dialog
-image::edit_entry_colors.png[]
+image::save_options.png[]
 
-=== Icons
-You can select an icon to be displayed with each entry for easy identification. KeePassXC comes with a set of default icons that you can use or you can use your own custom icons. If you defined a URL with an entry, you can also download the favorite icon for that particular website.
+Alternatively, backups can be created on-demand using the _Database_ -> _Save Database Backup..._ menu feature.
 
-NOTE: To delete a custom icon, go to xref:UserGuide.adoc#_database_maintenance[Database Maintenance] where you can purge unused icons and delete one or more icons at a time.
+.Saving a database backup
+image::save_database_backup.png[,40%]
 
-.Entry icon selection
-image::edit_entry_icons.png[]
-
-TIP: Each KeePass application has different default icons. If you use a mobile app or KeePass2, be aware that the default icons may not be exactly correspond to the KeePassXC icons.
-
-=== Properties
-KeePassXC lets you view the basic properties such as date and time of creation, modification, and when last accessed. This is also where you can retrieve an entry's UUID for use in references.
-
-.Entry properties view
-image::edit_entry_properties.png[]
-
-=== History
-KeePassXC maintains a history of changes you make to your entries. Each time you change an entry, KeePassXC automatically creates a backup copy of the current, non-modified entry before saving the new values. You can view the changes you made previously, restore, and delete the history of changes you made. The age of the history item, the changes that were made, and the entry's size are shown in the table view.
-
- * Show: Display this history item for review, a read-only copy of the entry will be shown.
- * Restore: Reinstate the selected history item as the active entry details.
- * Delete: Delete the selected history item.
- * Delete All: Delete the entire history for this entry.
-
-.Entry history view
-image::edit_entry_history.png[]
-
-NOTE: Restoring an old history item will store the current entry settings as a new history item.
-
-== Automatic Database Opening
+=== Automatic Database Opening
 You can setup one or more databases to open automatically when you unlock a single database. This is done by *(1)* defining a special group named `AutoOpen` with *(2)* entries that contain the file path and credentials for each database that should be opened. There is no limit to the number of databases that can be opened.
 
 TIP: Case matters with auto open, the group name must be exactly `AutoOpen` and it must be a child of the root group.
@@ -329,10 +375,12 @@ image::database_settings.png[]
  * *Database name:* This is the default identifier for your database and is shown in the tab bar and title bar (when active). You can change this name as desired.
  * *Database description:* Provide some meaningful description for your database.
  * *Default username:* Provide a default username for all new entries that you create in this database.
+ * *Public Database Metadata:* Here you can set a public (unencrypted) name, icon, and color for your database. This is used on the database unlock screen to help distinguish multiple databases from each other.
  * *Max history items:* This is the maximum number of history items that are stored for each entry. When you set this to 0, no history will be saved. Set this value to a low value to prevent the database from getting too large (we recommend no more than 10).
  * *Max. history size:* When the history of an entry gets above this size, it is truncated. For example, this happens when entries have large attachments. Set this value small to prevent the database from getting too large (we recommend 6 MiB).
  * *Use recycle bin:* Select this check-box if you want deleted entries to move to the recycle bin instead of being permanently removed. The recycle bin will be created if it does not already exist after your first deletion. To delete entries permanently, you must empty the recycle bin manually.
  * *Enable compression:* KeePassXC databases can be compressed before being encrypted. Compression reduces the size of the database and does not have any appreciable affect on speed. It is recommended to always save databases with compression.
+ * *Autosave delay:* Customize the automatic database save operation by delaying it for a set time since the last change. By default, this option is disabled for fast saving, but can be useful for large databases to avoid delays after each change.
 
 3. Click the Security button in the left-hand menu bar to change your database credentials and change encryption settings.
 +
@@ -364,42 +412,9 @@ The following key derivation functions are supported:
 
  * Argon2 (KDBX 4 – recommended): KDBX 4, the Argon2 key derivation function can be used for transforming the composite master key (as protection against dictionary attacks). The main advantage of Argon2 over AES-KDF is that it provides a better resistance against GPU/ASIC attacks (due to being a memory-hard function). The number of iterations scales linearly with the required time. By increasing the memory parameter, GPU/ASIC attacks become harder and the required time increases. The parallelism parameter can be used to specify how many threads should be used. We recommend using Argon2id to prevent against timing-based attacks. Argon2d offers maximum compatibility with other KeePass-based apps, the default settings provide sufficient protection against any known attacks.
 
-== Database Maintenance
+=== Database Maintenance
 KeePassXC offers some maintenance features that can be applied to clean up your database. Navigate to _Database_ -> _Database settings_ then click on _Maintenance_ on the left hand panel. The following screen appears. On this screen you can delete multiple icons at once and purge any unused icons in your database.
 
 image::database_maintenance.png[]
-
-=== Creating a YubiKey backup
-It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown:
-
-1. Create a 20 byte HMAC key:
-+
-```
-dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40
-```
-
-2. Write the HMAC key to slot 2 _(Set through the first switch. Out of the box the YubiKey OTP resides in slot 1)_:
-+
-```
-ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update
-```
-
-You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat step 2 for your second YubiKey using the same HMAC key from before. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key.
-
-== Command Line Tool
-KeePassXC comes with the command line tool *keepassxc-cli* to access, view, and manipulate your database directly from a terminal window. The tool is documented through a separate man page, which can be shown using `man keepassxc-cli`, or through the on-demand help using `keepassxc-cli [command] -h`. An online version of the man page is https://github.com/keepassxreboot/keepassxc/blob/master/docs/man/keepassxc-cli.1.adoc[available on GitHub].
 // end::advanced[]
-
-== Storing a Database File
-The database file that you create might contain highly sensitive data and must be stored in a very secure way. You must make sure that the database is always protected with a strong and long password. The database file that is protected with a strong and long password is secure and encrypted while stored on your computer or cloud storage service.
-
-Make sure that you or someone else does not accidentally delete the database file. Deletion of the database file will result in the total loss of all your information (including all your passwords!) and a lot of inconvenience to manually retrieve your logins for various web applications. Do not share the credentials to access your database file with anyone unless you absolutely trust them (spouse, child, etc.).
-
-TIP: You can safely store your database file in the cloud (OneDrive, Dropbox, Google Drive, Nextcloud, Syncthing, etc.). The database file is always fully encrypted; unencrypted data is never written to disk and is never accessible to your cloud storage provider. We recommend using a storage service that keeps automatic backups (version history) of your database file in the event of corruption or accidental deletion.
-
-== Backing up a Database File
-It is a good practice to create copies of your database file and store the copies of your database on a different computer, smart phone, or cloud storage space such a Google Drive or Microsoft OneDrive. Backups can be created automatically by selecting the _Backup database file before saving_ option in the application settings. Additionally, you can create a backup on-demand using the _Database_ -> _Save Database Backup..._ menu feature.
-
-.Saving a database backup
-image::save_database_backup.png[,40%]
 // end::content[]

docs/topics/ImportExport.adoc

@@ -3,60 +3,86 @@ include::.sharedheader[]
 :imagesdir: ../images
 
 // tag::content[]
-== Importing External Databases
+== Importing Databases
 KeePassXC allows you to import external databases from the following options:
 
-* Comma-Separated Values (CSV) file
-* 1Password OPVault
-* KeePass 1 Database
+* Comma Separated Values (.csv)
+* 1Password Export (.1pux)
+* 1Password Vault (.opvault)
+* Bitwarden (.json)
+* Proton Pass (.json)
+* KeePass 1 Database (.kdb)
+
+To import any of these files, start KeePassXC and either click the `Import File` button on the welcome screen or use the menu Database > Import... to launch the Import Wizard.
+
+.Import Wizard
+image::import_wizard.png[]
+
+For each of the import options, you will be prompted to select the file to import and then provide credentials to unlock the file, if necessary. You can then choose to import the file into a new database or into an existing database that is already unlocked in KeePassXC.
 
 === Importing CSV File
-If you have been saving your URLs, usernames, passwords, and so on in a CSV file, you can migrate all that information from the CSV file to KeePassXC and start using KeePassXC to maintain your data.
+WARNING: A CSV file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
 
-To open the CSV file, perform the following steps:
+1. Follow the steps above and click `Continue`. The CSV import wizard will appear.
 
-1. Open KeePassXC.
-
-2. Click Import from CSV button on the welcome screen or use the menu Database > Import > CSV File.
-
-3. Navigate to the location of the your CSV file on your computer and open the file. The new database wizard will appear. Follow the steps of creating a new database in Chapter 1.
-
-4. After saving your new database file, the CSV import wizard will appear. On this dialog you can choose the various options for properly importing the data. You may need to select the _First line has field names_ checkbox before starting. Analyze the output in the preview at the bottom to determine the correct import settings.
+2. On this dialog you can choose the various options for properly importing the data. Analyze the output in the preview at the bottom to determine the correct import settings. You may need to re-map the column associations to match the data in your CSV file.
 +
 .CSV Import Wizard
 image::csv_import.png[]
 
-Your CSV file gets imported to KeePassXC and the data is converted to the KeePassXC format for further usage and maintenance. The new database file is saved on to your computer with the default `.kdbx` extension.
+3. Click `Done` to complete the import. If you chose to create a new database, the New Database dialog will appear. Otherwise your entries will be nested under the group you chose for the existing database.
+
+=== Importing from Other Applications
+KeePassXC allows you to import databases from various applications including 1Password (1PUX and OPVault), Bitwarden, and Proton Pass. Each import option involves selecting the file, providing necessary credentials (if required), and choosing to import into a new or existing database. Note that CSV, 1Password Export, Bitwarden, and Proton Pass files are unencrypted and should be securely deleted after import.
+
+==== 1Password Export
+WARNING: A 1Password Export file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
+
+1. Open the Import Wizard as shown above. Select the 1Password Export option.
+
+2. Click `Continue` to unlock and preview the import. Click `Done` to complete the import.
+
+==== 1Password OPVault
+NOTE: You must have 1Password version 7 or 8 to export your data to an OPVault. If you are using a newer version of 1Password, you should use the 1Password Export (1PUX) format instead.
 
-=== Importing 1Password OPVault
 Save your 1Password Vault locally to create an OPVault directory. Please see 1Password instructions on how to do this. Once an OPVault is created, perform the following steps:
 
-1. Open KeePassXC.
+1. Open the Import Wizard as shown above. Select the 1Password Vault option.
 
-2. Use the menu Database > Import > 1Password Vault. Select the OPVault to import.
+2. Enter the password for your vault and click `Continue` to unlock and preview the import. Click `Done` to complete the import.
 
-3. Enter the password for your OPVault to unlock and import.
+==== Bitwarden
+WARNING: A Bitwarden Export file may be unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
+
+1. Open the Import Wizard as shown above. Select the Bitwarden option.
+
+2. Optionally provide a password to decrypt the Bitwarden export file. You should only need to do this if you have chosen the encrypted json export option within Bitwarden.
+
+3. Click `Continue` to unlock and preview the import. Click `Done` to complete the import.
+
+==== Proton Pass
+WARNING: A Proton Pass Export file is unencrypted and you should securely delete this file after successfully importing it into KeePassXC.
+
+1. Open the Import Wizard as shown above. Select the Proton Pass option.
+
+2. Click `Continue` to preview the import. Click `Done` to complete the import.
 
 === Importing KeePass 1 Database
-KeePass 1 database is an older format of the database created using legacy version of KeePass. KeePassXC lets your import this older format of the database and you can seamlessly start using this database in your new KeePassXC application.
+KeePass 1 database is an older format of the database created using a legacy version of KeePass. KeePassXC lets your import this older format of the database and you can seamlessly start using this database in your new KeePassXC application.
 
 To import a KeePass 1 database file in KeePassXC, perform the following steps:
 
-1. Open KeePassXC.
+1. Open the Import Wizard as shown above. Select the KeePass1 Database option.
 
-2. Click Import from KeePass 1 button on the welcome screen or use the menu Database > Import > KeePass 1 Database.
+2. Enter the password for your database and optionally provide a key file if it was configured for your KeePass1 database.
 
-3. Navigate to the location of the your legacy KeePass 1 database file (`.kdb`) on your computer and open the file. You are prompted for the password and the Key file for your `.kdb` file.
-
-4. Enter the password for your old `.kdb` file and click *OK*. You are prompted for provide a name for the new database format that KeePassXC recognizes.
-
-5. Provide a name for the new database format, select a folder on your computer to save the file, and click Save.
-
-6. The data from the `.kdb` file gets imported and converted to the new format, which is compatible with KeePassXC. You can now start using the new database file (`.kdbx`) in KeePassXC.
+3. Click `Continue` to unlock and preview the import. Click `Done` to complete the import.
 
 == Exporting Databases
 KeePassXC supports multiple ways to export your database for transfer to another program or to print out and archive.
 
+WARNING: These exports do not contain all the information in your database due to various limitations in the export format. For example, the CSV export does not support attachments, advanced attributes, Auto-Type settings, or custom icons. The XML export does not support attachments. The HTML export is mainly for printing and does not support attachments and some custom data fields.
+
 WARNING: Exporting your database will result in all of your passwords and sensitive information being stored in an unencrypted format. We do not recommend saving your exported database for long periods of time as that can cause a compromise of sensitive information.
 
 .Database export menu

docs/topics/KeeShare.adoc

@@ -16,7 +16,7 @@ To use sharing, you need to enable it for the application.
 .KeeShare Application Settings
 image::keeshare_application_settings.png[]
 
-=== Sharing Credentials
+=== Setup a Shared Group
 If you checked _Allow export_ in the Sharing settings you can now share a group of passwords. Sharing is always defined on a particular group. If you enable sharing on a group, every entry under this group, and its children, are shared. If you enable sharing on the root node, **every password** inside your database gets shared!
 
 NOTE: KeeShare does not synchronize group structure after the initial share is created. At this time, KeeShare operates at the entry level; shared entries moved outside of a shared group are still synchronized.

docs/topics/KeyboardShortcuts.adoc

@@ -3,47 +3,64 @@ include::.sharedheader[]
 :imagesdir: ../images
 
 // tag::content[]
-NOTE: On macOS please substitute `Ctrl` with `Cmd` (aka `⌘`).
+NOTE: On macOS please substitute kbd:[Ctrl] with kbd:[Cmd] (AKA kbd:[⌘]).
 
 [grid=rows, frame=none, width=75%]
 |===
-|Action                       | Keyboard Shortcut
+|Action                          | Keyboard Shortcut
 
-|Settings                     | Ctrl + ,
-|Open Database                | Ctrl + O
-|Save Database                | Ctrl + S
-|Save Database As             | Ctrl + Shift + S
-|New Database                 | Ctrl + Shift + N
-|Close Database               | Ctrl + W ; Ctrl + F4
-|Lock All Databases           | Ctrl + L
-|Database Settings            | Ctrl + Shift + ,
-|Database Reports             | Ctrl + Shift + R
-|Quit                         | Ctrl + Q
-|New Entry                    | Ctrl + N
-|Edit Entry                   | Enter ; Ctrl + E
-|Delete Entry                 | Delete
-|Clone Entry                  | Ctrl + K
-|Copy Username                | Ctrl + B
-|Copy Password                | Ctrl + C
-|Copy URL                     | Ctrl + U
-|Open URL                     | Ctrl + Shift + U
-|Copy TOTP                    | Ctrl + T
-|Copy Password and TOTP       | Ctrl + Y
-|Show TOTP                    | Ctrl + Shift + T
-|Trigger AutoType             | Ctrl + Shift + V
-|Add key to SSH Agent         | Ctrl + H
-|Remove key from SSH Agent    | Ctrl + Shift + H
-|Minimize Window              | Ctrl + M
-|Hide Window                  | Ctrl + Shift + M
-|Select Next Database Tab     | Ctrl + Tab ; Ctrl + PageDn
-|Select Previous Database Tab | Ctrl + Shift + Tab ; Ctrl + PageUp
-|Select the nth database      | Ctrl + n, where n is the number of the database tab
-|Toggle Passwords Hidden      | Ctrl + Shift + C
-|Toggle Usernames Hidden      | Ctrl + Shift + B
-|Focus Groups (edit if focused)  | F1
-|Focus Entries (edit if focused) | F2
-|Focus Search                 | F3 ; Ctrl + F
-|Clear Search                 | Escape
-|Show Keyboard Shortcuts      | Ctrl + /
+|Settings                        | kbd:[Ctrl + ,]
+|Open Database                   | kbd:[Ctrl + O]
+|Save Database                   | kbd:[Ctrl + S]
+|Save Database As                | kbd:[Ctrl + Shift + S]
+|New Database                    | kbd:[Ctrl + Shift + N]
+|Close Database                  | kbd:[Ctrl + W] +
+_or_ +
+kbd:[Ctrl + F4]
+|Lock Current Database           | kbd:[Ctrl + L]
+|Lock All Databases              | kbd:[Ctrl + Shift + L]
+|Database Settings               | kbd:[Ctrl + Shift + ,]
+|Database Reports                | kbd:[Ctrl + Shift + R]
+|Quit                            | kbd:[Ctrl + Q]
+|New Entry                       | kbd:[Ctrl + N]
+|Edit Entry                      | kbd:[Enter] +
+_or_ +
+kbd:[Ctrl + E]
+|Delete Entry                    | kbd:[Del]
+|Clone Entry                     | kbd:[Ctrl + D]
+|Copy Username                   | kbd:[Ctrl + B]
+|Copy Password                   | kbd:[Ctrl + C]
+|Copy URL                        | kbd:[Ctrl + U]
+|Open URL                        | kbd:[Ctrl + Shift + U]
+|Copy TOTP                       | kbd:[Ctrl + T]
+|Copy Password and TOTP          | kbd:[Ctrl + Y]
+|Show TOTP                       | kbd:[Ctrl + Shift + T]
+|Trigger AutoType                | kbd:[Ctrl + Shift + V]
+|Add key to SSH Agent            | kbd:[Ctrl + H]
+|Remove key from SSH Agent       | kbd:[Ctrl + Shift + H]
+|Jump to Group (from search)     | kbd:[Ctrl + Shift + J]
+|Move entry up (if unsorted)     | kbd:[Alt + Up]
+|Move entry down (if unsorted)   | kbd:[Alt + Down]
+|Sort Groups A-Z                 | kbd:[Ctrl + Down]
+|Sort Groups Z-A                 | kbd:[Ctrl + Up]
+|Minimize Window                 | kbd:[Ctrl + M]
+|Hide Window                     | kbd:[Ctrl + Shift + M]
+|Select Next Database Tab        | kbd:[Ctrl + Tab] +
+_or_ +
+kbd:[Ctrl + PgDn]
+|Select Previous Database Tab    | kbd:[Ctrl + Shift + Tab] +
+_or_ +
+kbd:[Ctrl + PgUp]
+|Select the nth database         | kbd:[Ctrl + <n>], where kbd:[<n>] is the number of the database tab
+|Toggle Passwords Hidden         | kbd:[Ctrl + Shift + C]
+|Toggle Usernames Hidden         | kbd:[Ctrl + Shift + B]
+|Focus Groups (edit if focused)  | kbd:[F1]
+|Focus Entries (edit if focused) | kbd:[F2]
+|Focus Search                    | kbd:[F3] +
+_or_ +
+kbd:[Ctrl + F]
+|Clear Search                    | kbd:[Esc]
+|Show Keyboard Shortcuts         | kbd:[Ctrl + /]
 |===
 // end::content[]
+

docs/topics/Passkeys.adoc

@@ -0,0 +1,104 @@
+= KeePassXC – Passkeys
+include::.sharedheader[]
+:imagesdir: ../images
+
+// tag::content[]
+== Passkeys
+
+Passkeys are a secure way for replacing passwords that is supported by all major browser vendors and an increasing number of websites. For more information on what passkeys are and how they work, please go to the FIDO Alliance's documentation: https://fidoalliance.org/passkeys/
+
+=== Browser Passkey Support
+
+KeePassXC supports passkeys directly through the Browser Integration service. Passkeys are only supported with the use of the KeePassXC Browser Extension and a properly connected database. To enable passkey support on the extension, you must check the _Enable Passkeys_ option in the extension settings page.
+
+.Enable Passkey Support in the KeePassXC Browser Extension
+image::passkeys_enable_from_extension.png[,75%]
+
+Optionally, you can disable falling back to the built-in passkey support from your browser and operating system. If left enabled, the extension will show the default passkey dialogs if KeePassXC cannot handle the request or the request is canceled.
+
+=== Create a New Passkey
+
+Creating a new passkey and authenticating with it is a simple process. This workflow will be demonstrated using GitHub as an example site. Please note that GitHub allows two use cases for passkeys, one for 2FA only and the other for replacement of username and password entirely. We will be configuring the latter use case in this example.
+
+After navigating to GitHub's _Settings_ -> _Password and authentication_, there is a separate section shown for passkeys.
+
+.GitHub's Passkey Registration
+image::passkeys_github_1.png[]
+
+After clicking the _Add a passkey_ button, the user is redirected to another page showing the actual configuration option.
+
+.Configure Passwordless Authentication
+image::passkeys_github_2.png[,50%]
+
+Clicking the _Add passkey_ button now shows the following popup dialog for the user, asking confirmation for creating a new passkey.
+
+.Passkey Registration Confirmation Dialog
+image::passkeys_register_dialog.png[,30%]
+
+After the passkey has been registered, a new entry is created to the database under _KeePassXC-Browser Passwords_ with _(passkey)_  added to the entry title. The entry holds additional attributes that are used for authenticating the passkey.
+
+After registration, GitHub will ask a name for the passkey. This is only relevant for the server.
+
+.GitHub's Passkey Nickname
+image::passkeys_github_3.png[,50%]
+
+Now the passkey should be shown on the GitHub's passkey section.
+
+.Registered Passkeys on GitHub
+image::passkeys_github_4.png[]
+
+=== Login With a Passkey
+
+The passkey created in the previous section can now be used to login to GitHub. Instead of logging in with normal credentials, choose _Sign in with a passkey_ at the bottom of GitHub's login page.
+
+.GitHub's login page with a Passkey option
+image::passkeys_github_5.png[,50%]
+
+After clicking the button, KeePassXC-Browser detects the passkeys authentication and KeePassXC shows the following dialog for confirmation.
+
+.Passkey authentication confirmation dialog
+image::passkeys_authentication_dialog.png[,50%]
+
+After confirmation user is now authenticated and logged into GitHub.
+
+// tag::advanced[]
+=== Advanced Usage
+
+==== Multiple Passkeys for a Site
+
+Multiple passkeys can be created for a single site. When registering a new passkey with a different username, KeePassXC shows an option to register a new passkey or update the previous one. Updating a passkey will override the existing entry, so this option should be only used when actually needed.
+
+.Passkey authentication confirmation dialog
+image::passkeys_update_dialog.png[,50%]
+
+==== Exporting Passkeys
+
+All passkeys in a database can be viewed and accessed from the _Database_ -> _Passkeys..._ menu item. The page shows both _Import_ and _Export_ buttons for passkeys.
+
+.Passkeys Overview
+image::passkeys_all_passkeys.png[]
+
+After selecting one or more entries, the following dialog is shown. One or multiple passkeys can be selected for export from the previously selected list of entries.
+
+.Passkeys Export Dialog
+image::passkeys_export_dialog.png[,65%]
+
+Exported passkeys are stored in JSON format using the `.passkey` file extension. The file includes all relevant information for importing a passkey to another database or saving a backup. 
+
+WARNING: The exported passkey file is unencrypted and should be securely stored.
+
+==== Importing Passkeys
+
+An exported passkey can be imported directly to a database or to an entry. To import directly, use the _Database_ -> _Import Passkey_ menu item.
+When right-clicking an entry, a separate menu item for _Import Passkey_ is shown. This is useful if user wants to import a previously created passkey to an existing entry.
+
+.Import Passkey to an Entry
+image::passkeys_import_passkey_to_entry.png[,50%]
+
+After selecting a passkey file to import, a separate dialog is shown where you can select which database, group, and entry to target. By default, the group is set to _Imported Passkeys_. The default action is to create a new entry that contains the imported passkey.
+
+.Passkey import dialog
+image::passkeys_import_dialog.png[,65%]
+
+// end::advanced[]
+// end::content[]

docs/topics/PasswordGenerator.adoc

@@ -19,9 +19,8 @@ image::password_generator.png[]
 
 3. Select the length of the desired password by dragging the Length slider.
 4. Select the character-sets that you want to include in your password.
-5. Use the regenerate button (Ctrl + R) to make a new password using the chosen options.
-6. Use the clipboard button (Ctrl + C) to copy the generated password to the clipboard.
-// tag::advanced[]
+5. Use the regenerate button (kbd:[Ctrl + R]) to make a new password using the chosen options.
+6. Use the clipboard button (kbd:[Ctrl + C]) to copy the generated password to the clipboard.
 7. Click the Advanced button to specify additional conditions for your desired password.
 +
 .Advanced Password Generator Options
@@ -40,7 +39,6 @@ Word Count slider.
 3. In the Word Separator field, enter a character, word, number, or space that you want to use as a separator between the words in your passphrase.
 4. _(Optional)_ You can choose a word case between lower, upper, and title case options.
 5. _(Optional)_ You can also load your own custom word lists. Click the plus sign button to the right of the wordlist selection dialog to choose a custom word list. You can download alternative lists from the https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases[EFF's Website] or from https://github.com/redacted/XKCD-password-generator#additional-languages[GitHub].
-6. Click the Regenerate button (Ctrl + R) to generate a new random passphrase.
-7. Click the Clipboard button (Ctrl + C) to copy the passphrase to the clipboard.
-// end::advanced[]
+6. Click the Regenerate button (kbd:[Ctrl + R]) to generate a new random passphrase.
+7. Click the Clipboard button (kbd:[Ctrl + C]) to copy the passphrase to the clipboard.
 // end::content[]

docs/topics/Reference.adoc

@@ -18,6 +18,8 @@ This section contains full details on advanced features available in KeePassXC.
 |{NOTES}         |Notes
 |{TOTP}          |Current TOTP value (if configured)
 |{S:<ATTRIBUTE_NAME>}   |Value for the given attribute (case sensitive)
+|{T-CONV:/<PLACEHOLDER>/<METHOD>/} |Text conversion for resolved placeholder (eg, {USERNAME}) using the following methods: UPPER, LOWER, BASE64, HEX, URI, URI-DEC
+|{T-REPLACE-RX:/<PLACEHOLDER>/<REGEX>/<REPLACE>/} |Use a regular expression to find and replace data from a resolved placeholder (eg, {USERNAME}). Refer to match groups using $1, $2, etc.
 |{URL:RMVSCM}	        |URL without scheme (e.g., https)
 |{URL:WITHOUTSCHEME}	|URL without scheme
 |{URL:SCM}	     |URL Scheme
@@ -47,6 +49,8 @@ This section contains full details on advanced features available in KeePassXC.
 |{DB_DIR}	     |Absolute directory path of database file
 |===
 
+NOTE: You can insert literal placeholder strings by escaping the beginning and ending curly braces. For example, to insert the string `{USERNAME}`, you would type `++\{USERNAME\}++`.
+
 === Entry Cross-Reference
 A reference to another entry's field is possible using the shorthand syntax:
 `{REF:<FIELD>@<SEARCH_IN>:<SEARCH_TEXT>}`
@@ -75,8 +79,8 @@ Examples: +
 |Press the corresponding keyboard key
 
 |{UP}, {DOWN}, {LEFT}, {RIGHT}  |Press the corresponding arrow key
-|{F1}, {F2}, ..., {F16}         |Press F1, F2, etc.
-|{LEFTBRACE}, {RIGHTBRACE}      |Press `{` or `}`, respectively
+|{F1}, {F2}, ..., {F16}         |Press kbd:[F1], kbd:[F2], etc.
+|{LEFTBRACE}, {RIGHTBRACE}      |Press kbd:[{] or kbd:[}], respectively
 |{<KEY> X}  |Repeat <KEY> X times (e.g., {SPACE 5} inserts five spaces)
 |{DELAY=X}     |Set delay between key presses to X milliseconds
 |{DELAY X}     |Pause typing for X milliseconds
@@ -88,10 +92,10 @@ Examples: +
 |===
 |Modifier |Description
 
-|+        |SHIFT
-|^        |CTRL
-|%        |ALT
-|#        |WIN/CMD
+|+        |kbd:[Shift]
+|^        |kbd:[Ctrl]
+|%        |kbd:[Alt]
+|#        |kbd:[Win]/kbd:[Cmd]
 |===
 *Text Conversions:*
 
@@ -124,5 +128,21 @@ Use regular expressions to find and replace data from a resolved placeholder. Re
 `C:\Backups\MyDatabase\01-05-2022.kdbx`
 |===
 
+=== Creating a YubiKey backup
+It is advisable to have a backup replica YubiKey In case your main YubiKey gets damaged, lost, or stolen. The same HMAC key will need to be written to both keys. To do this you can either use the YubiKey Personalization Tool GUI or the ykpersonalize CLI tool. The steps for the CLI tool are shown:
+
+1. Create a 20 byte HMAC key:
++
+```
+dd status=none if=/dev/random bs=20 count=1 | xxd -p -c 40
+```
+
+2. Write the HMAC key to slot 2 _(Set through the first switch. Out of the box the YubiKey OTP resides in slot 1)_:
++
+```
+ykpersonalize -2 -a -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible -oallow-update
+```
+
+You will be asked to enter the HMAC key you created earlier, copy/paste they key output in the first step. Repeat step 2 for your second YubiKey using the same HMAC key from before. We recommend storing your HMAC key in a safe place (e.g., printed on paper) in case you need to recreate another key.
 
 // end::content[]

docs/topics/SSHAgent.adoc

@@ -3,12 +3,12 @@ include::.sharedheader[]
 :imagesdir: ../images
 
 // tag::content[]
-== SSH Agent integration
+== SSH Agent Integration
 SSH (Secure Shell) is a widely used remote secure shell protocol and is considered an industry standard for secure remote access to UNIX-like systems including Linux, BSDs, macOS and more recently even Windows received native support. SSH supports multiple types of authentication and the most widely used ones are either interactive keyboard input with a password or a public-key cryptography pair of keys.
 
 KeePassXC SSH Agent integration is built to manage SSH keys in a secure manner by either storing them completely within your KeePassXC database or by having only the decryption key of a key file that is stored elsewhere. SSH Agent integration _does not_ provide an agent itself but works as a client for any agent implementation that is OpenSSH compatible.
 
-=== OpenSSH agent on Linux
+=== OpenSSH Agent on Linux
 If you are using a modern desktop Linux distribution it is very likely the OpenSSH agent is already configured and running when you have logged in to a graphical desktop session.
 This should be true for distributions like Debian, Ubuntu (including Kubuntu, Xubuntu and Lubuntu), Linux Mint, Fedora, ElementaryOS and Manjaro.
 
@@ -32,10 +32,10 @@ WARNING: _GNOME Keyring_ prior to release 3.27.92 had its own custom implementat
 It does not support any constraints you may want to configure for an added key.
 If you are running a modern distribution the custom agent has been removed and replaced with the stock OpenSSH agent which is feature complete.
 
-=== OpenSSH agent on macOS
+=== OpenSSH Agent on macOS
 Apple has made OpenSSH an integrated part of macOS with automatic agent startup when it is first used. No further configuration is needed.
 
-=== OpenSSH agent and Pageant on Windows
+=== OpenSSH Agent and Pageant on Windows
 The SSH Agent integration on Windows supports both _PuTTY Pageant_ and _OpenSSH for Windows 10_.
 Since Pageant is currently still the most widely used implementation and is easily installable on any version of Windows, it is the default on KeePassXC.
 However, Microsoft includes a native OpenSSH client implementation with Windows 10 since autumn 2018 that can be used instead. If you would like to self-manage your OpenSSH version you can use the builds offered via their official https://github.com/powershell/Win32-OpenSSH[GitHub repository].
@@ -61,7 +61,7 @@ Alternatively, you can use a _Windows PowerShell_ running as _Administrator_ to
 
 KeePassXC and other compatible tools can now use the Windows OpenSSH agent. To use it with KeePassXC, update the settings explained in <<Setting up SSH Agent integration>>.
 
-=== Setting up SSH Agent integration
+=== Setup SSH Agent Integration
 By default the SSH Agent integration plugin is disabled.
 To enable integration, follow the steps below to access the settings:
 
@@ -78,10 +78,10 @@ On Windows, you have the option to select _Pageant_ and/or _OpenSSH for Windows_
 
 If the value of _SSH_AUTH_SOCK_ is empty it means the agent is not properly configured and KeePassXC will be unable to connect to it unless you provide a static override path to the socket.
 
-=== Generating a key to use with KeePassXC
+=== Generating an SSH Key
 KeePassXC only supports keys in the _OpenSSH_ format. On Windows, _PuTTYgen_ saves keys in its own format by default and you will need to convert them to OpenSSH format before being used. In this guide we are going to generate a standard RSA key in the default size.
 
-==== Generating a key on Linux or macOS with _ssh-keygen_
+==== Generating a key on Linux or macOS
 Open a terminal window and type the following command to generate a key:
 
     $ ssh-keygen -o -f keepassxc -C johndoe@example
@@ -116,13 +116,13 @@ With KeePassXC you only need the first file listed.
 ==== Generating a key on Windows
 On Windows you can generate key pairs with _PuTTYgen_ and with _ssh-keygen_, depending on whether you installed PuTTY and your Windows version.
 
-===== Using _PuTTYgen_
+===== Using PuTTYgen
 Please read the manual on how to use _PuTTYgen_ for details on generate a key: https://the.earth.li/~sgtatham/putty/0.74/htmldoc/Chapter8.html#pubkey-puttygen. Once generated, you must save the key in the new OpenSSH format, see image below.
 
 .Generating a key with _PuTTYgen_
 image::sshagent_puttygen.png[,70%]
 
-===== Using _ssh-keygen_
+===== Using ssh-keygen
 Open _Command Prompt_ or _Windows PowerShell_ and type the following command to generate a key:
 
     PS C:\Users\user> ssh-keygen.exe -o -f keepassxc -C johndoe@example
@@ -159,7 +159,7 @@ Now we can see two files were generated:
 
 With KeePassXC you only need the first file listed.
 
-=== Configuring an entry to use SSH Agent
+=== Adding SSH Key to an Entry
 The last step is to setup an entry to contain the SSH Agent settings and key file you generated.
 
 1. Create a new entry, or open an existing entry in edit mode.

docs/topics/SecretService.adoc

@@ -0,0 +1,48 @@
+= KeePassXC – Secret Service Integration
+include::.sharedheader[]
+:imagesdir: ../images
+
+// tag::content[]
+== Secret Service Integration
+This feature allows KeePassXC to act as a Secret Service provider over DBus. It enables applications to store and retrieve secrets securely via the https://www.freedesktop.org/wiki/Specifications/secret-storage-spec/[Secret Storage specification]. While running, KeePassXC acts as a Secret Service server registered on DBus so clients like seahorse, python-secretstorage, secret-tool, or other implementations can connect and access the exposed database in KeePassXC.
+
+=== Enabling the Integration
+Only one secret service provider can be enabled at a time. You may have to disable other providers, such as GNOME Keyring or KWallet, to use KeePassXC as a secret service provider. You will see a notice when attempting to enable KeePassXC as the secret service provider if another is already running.
+
+To replace most third party secret service providers with KeePassXC, run the following shell snippet:
+
+```bash
+mkdir -p "${XDG_DATA_HOME:-${HOME}/.local/share}/dbus-1/services"
+cat > "${XDG_DATA_HOME:-${HOME}/.local/share}/dbus-1/services/org.freedesktop.secrets.service" <<EOF
+[D-BUS Service]
+Name=org.freedesktop.secrets
+Exec=/usr/bin/keepassxc
+EOF
+```
+
+NOTE: You may need to restart your session or log out and back in for the changes to take effect.
+
+1. Open KeePassXC → **Tools → Settings → Secret Service Integration** → check **Enable KeePassXC Freedesktop.org Secret Service Integration**. Then press OK to save this setting and enable the integration. Go back into this settings screen to see currently open databases that you can unlock and edit their exposure to secret service.
++
+.Secret Service Settings
+image::secretservice_enable_settings.png[]
+
+2. Either click the pencil icon in the previous settings screen, or go to **Database → Database Settings → Secret Service Integration**. Enable **Expose entries under this group**, and select the desired group. All entries within this group and all subgroups will be exposed to the service.
++
+.Secret Service Database Settings
+image::secretservice_database_settings.png[]
+
+3. Use apps that integrate with secret service to start saving and using credentials within KeePassXC. If you enabled confirmation prior to access, you will see the following dialog:
++
+.Secret Service Access Confirmation Dialog
+image::secretservice_access_dialog.png[]
+
+TIP: When applications use `secret-tool` and you have access confirmation enabled, then you will be prompted each time credentials are requested. This is due to `secret-tool` obtaining a new process id each time it is run.
+
+=== Implementation Details
+
+* The user can specify the database and group that is exposed to the service.
+* Desktop notifications when a secret is retrieved and access confirmation dialogs.
+* `FdoSecrets::Service` is the top level DBus service. There is one  `FdoSecrets::Collection` per opened database tab and each entry under the exposed database group has a corresponding `FdoSecrets::Item` DBus object.
+* The following entry attributes are exposed to the secret service: Title, Username, Password, URL, Notes, TOTP, and non-protected Custom Attributes.
+// end::content[]

docs/topics/UserInterface.adoc

@@ -12,13 +12,22 @@ image::main_interface.png[]
 
 *(A) Groups* – Organize your entries into discrete groups to bring order to all of your sensitive information. Groups can be nested under each other to create a hierarchy. Settings from parent groups get applied to their children. You can hide this panel on the View menu.
 
-*(B) Tags* – Dynamic groups of entries that can be quickly displayed with one click. Any number of custom tags can be added when editing an entry. This panel also includes useful pre-defined searches, such as finding expired and weak passwords.
+*(B) Searches and Tags* – Dynamic groups of entries that can be quickly displayed with one click. Any number of custom tags can be added when editing an entry. This panel also includes useful pre-defined and custom saved searches, such as finding expired and weak passwords.
 
-*\(C) Entries* – Entries contain all the information you want to store for a website or application you are storing in KeePassXC. This view shows all the entries in the selected group. Each column can be resized, reordered, and shown or hidden based on your preference. Right-click the header row to see all available options.
+*\(C) Entries* – Entries contain all the information for a website or application you are storing in KeePassXC. This view shows all the entries in the selected group. Each column can be resized, reordered, and shown or hidden based on your preference. Right-click the header row to see all available options.
 
-*(D) Preview* – Shows a preview of the selected group or entry. You can temporarily hide this preview using the close button on the right hand side or completely disabled in the application settings.
+*(D) Preview* – Shows a preview of the selected group or entry. You can interact with most information stored in an entry from here without opening the entry for editing. You can temporarily hide this preview using the down-arrow button on the right hand side or completely disable it from the View menu.
 
-TIP: You can enable double-click copying of entry username and password in the Application Security Settings. This is turned off by default starting with version 2.7.0.
+[TIP]
+====
+Starting with version 2.7.0, double-click copying of entry usernames and passwords is disabled by default.
+
+To enable it:
+
+. Open *KeePassXC*, and navigate to *Tools* → *Settings*.
+. In the left sidebar, select *General*.
+. Under *Entry Management*, check the box for _"Copy data on double clicking field in entry view"_.
+====
 
 === Toolbar
 The toolbar provides a quick way to perform common tasks with your database. Some entries in the toolbar are dynamically disabled based on the information contained in the selected entry. Every common action in KeePassXC can be controlled with a keyboard shortcut as well.
@@ -29,13 +38,17 @@ image::toolbar.png[]
 *(A) Database* – Open Database, Save Database, Lock Database +
 *(B) Entries* – Create Entry, Edit Entry, Delete Selected Entries +
 *\(C) Entry Data* – Copy Username, Copy Password, Copy URL, Perform Auto-Type +
-*(D) Tools* – Password Generator, Application Settings +
+*(D) Tools* – Database Settings, Reports, Password Generator, Application Settings +
 *(E) Search*
 
-=== Application Settings
-Users can configure KeePassXC to their personal tastes with a wide variety of general and security settings that apply to the whole application. These settings are accessible from _Tools_ -> _Settings_ or the cog wheel icon from the toolbar. Settings include: startup options, file management, entry management, user interface, language, security timeouts, and convenience.
+=== Screenshot Security
+By default, KeePassXC prevents recordings and screenshots of the application window on Windows and macOS. This prevents inadvertent spillage of information during meetings and disallows other applications to capture the window contents. If you would like to enable screen capture temporarily, navigate to _View_ menu and select _Allow Screen Capture_. Alternatively, you can start the application with the `--allow-screencapture` command line flag.
 
-==== Setting the Theme
+
+=== View Options
+You can customize the appearance of KeePassXC to your liking. The following options are available in the _View_ menu:
+
+==== Themes
 KeePassXC ships with light and dark themes specifically designed to meet accessibility standards. In most cases, the appropriate theme for your system will be determined automatically, but you can always set a specific theme by using the _View_ menu. When a new theme is selected you will be prompted to restart KeePassXC to apply the theme immediately.
 
 .Setting the theme
@@ -47,8 +60,8 @@ For users with smaller screens or those who desire seeing more entries at once,
 .Compact mode comparison
 image::compact_mode_comparison.png[]
 
-=== Screenshot Security
-By default, KeePassXC prevents recordings and screenshots of the application window on Windows and macOS. This prevents inadvertent spillage of information during meetings and disallows other applications to capture the window contents. If you would like to enable screen capture, you must start the application with the `--allow-screencapture` command line flag.
+=== Application Settings
+Users can configure KeePassXC to their personal tastes with a wide variety of general and security settings that apply to the whole application. These settings are accessible from _Tools_ -> _Settings_ or the cog wheel icon from the toolbar. Settings include: startup options, file management, entry management, user interface, language, security controls, and integration settings (Auto-Type, Browser, etc).
 
 === Keyboard Shortcuts
 include::KeyboardShortcuts.adoc[tag=content, leveloffset=+1]
@@ -77,6 +90,7 @@ Arguments:
   filename(s)                  filenames of the password databases to open (*.kdbx)
 ----
 
+=== Environment Variables
 Additionally, the following environment variables may be useful when running the application:
 
 [grid=rows, frame=none, width=75%]
@@ -86,10 +100,22 @@ Additionally, the following environment variables may be useful when running the
 |KPXC_CONFIG                    | Override default path to roaming configuration file
 |KPXC_CONFIG_LOCAL              | Override default path to local configuration file
 |KPXC_INITIAL_DIR               | Override initial location picking for databases
-|SSH_AUTH_SOCKET                | Path of the unix file socket that the agent uses for communication with other processes (SSH Agent)
+|SSH_AUTH_SOCK                  | Path of the unix file socket that the agent uses for communication with other processes (SSH Agent)
 |QT_SCALE_FACTOR [numeric]      | Defines a global scale factor for the whole application, including point-sized fonts.
 |QT_SCREEN_SCALE_FACTORS [list] | Specifies scale factors for each screen. See https://doc.qt.io/qt-5/highdpi.html#high-dpi-support-in-qt
 |QT_SCALE_FACTOR_ROUNDING_POLICY | Control device pixel ratio rounding to the nearest integer. See https://doc.qt.io/qt-5/highdpi.html#high-dpi-support-in-qt
 |===
+
+=== Installer Options
+The following options can be set when running the Windows Installer MSI in an unattended installation:
+
+* *LAUNCHAPPONEXIT* – Launch KeePassXC after install (default ON)
+* *AUTOSTARTPROGRAM* – KeePassXC will auto-start on login (default ON)
+* *INSTALLDESKTOPSHORTCUT* – A desktop icon will be installed (default OFF)
+
+Example: `msiexec.exe /q /i KeePassXC-Y.Y.Y-WinZZ.msi AUTOSTARTPROGRAM=0`
+
+== Command Line Tool
+KeePassXC comes with the command line tool *keepassxc-cli* to access, view, and manipulate your database directly from a terminal window. The tool is documented through a separate man page, which can be shown using `man keepassxc-cli`, or through the on-demand help using `keepassxc-cli [command] -h`. An online version of the man page is https://github.com/keepassxreboot/keepassxc/blob/latest/docs/man/keepassxc-cli.1.adoc[available on GitHub].
 // end::advanced[]
 // end::content[]

docs/topics/Welcome.adoc

@@ -26,12 +26,13 @@ KeePassXC has numerous features for novice and power users alike. This guide wil
  ** Password generator
  ** Auto-Type passwords into applications
  ** Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
+ ** Support for passkeys using the browser integration
  ** Entry icon download
- ** Import databases from CSV, 1Password, and KeePass1 formats
+ ** Import databases from CSV, 1Password, Bitwarden, Proton Pass, and KeePass1 formats
 
 * Advanced Features
  ** Database reports (password health, HIBP, and statistics)
- ** Database export to CSV and HTML formats
+ ** Database export to CSV, XML, and HTML formats
  ** TOTP storage and generation
  ** Field references between entries
  ** File attachments and custom attributes

release-tool.ps1

@@ -1,598 +0,0 @@
-<#
-.SYNOPSIS
-KeePassXC Release Tool
-
-.DESCRIPTION
-Commands:
-  merge      Merge release branch into main branch and create release tags
-  build      Build and package binary release from sources
-  sign       Sign previously compiled release packages
-
-.NOTES
-The following are descriptions of certain parameters:
-  -Vcpkg           Specify VCPKG toolchain location (example: C:\vcpkg)
-  -Tag             Release tag to check out (defaults to version number)
-  -Snapshot        Build current HEAD without checkout out Tag
-  -CMakeGenerator  Override the default CMake generator
-  -CMakeOptions    Additional CMake options for compiling the sources
-  -CPackGenerators Set CPack generators (default: WIX;ZIP)
-  -Compiler        Compiler to use (example: g++, clang, msbuild)
-  -MakeOptions     Options to pass to the make program
-  -SignBuild       Perform platform specific App Signing before packaging
-  -SignKey         Specify the App Signing Key/Identity
-  -TimeStamp       Explicitly set the timestamp server to use for appsign
-  -SourceBranch    Source branch to merge from (default: 'release/$Version')
-  -TargetBranch    Target branch to merge to (default: master)
-  -VSToolChain     Specify Visual Studio Toolchain by name if more than one is available
-#>
-
-param(
-    [Parameter(ParameterSetName = "merge", Mandatory, Position = 0)]
-    [switch] $Merge,
-    [Parameter(ParameterSetName = "build", Mandatory, Position = 0)]
-    [switch] $Build,
-    [Parameter(ParameterSetName = "sign", Mandatory, Position = 0)]
-    [switch] $Sign,
-
-    [Parameter(ParameterSetName = "merge", Mandatory, Position = 1)]
-    [Parameter(ParameterSetName = "build", Mandatory, Position = 1)]
-    [Parameter(ParameterSetName = "sign", Mandatory, Position = 1)]
-    [string] $Version,
-
-    [Parameter(ParameterSetName = "build", Mandatory)]
-    [string] $Vcpkg,
-
-    [Parameter(ParameterSetName = "sign", Mandatory)]
-    [SupportsWildcards()]
-    [string[]] $SignFiles,
-
-    # [Parameter(ParameterSetName = "build")]
-    # [switch] $DryRun,
-    [Parameter(ParameterSetName = "build")]
-    [switch] $Snapshot,
-    [Parameter(ParameterSetName = "build")]
-    [switch] $SignBuild,
-    
-    [Parameter(ParameterSetName = "build")]
-    [string] $CMakeGenerator = "Ninja",
-    [Parameter(ParameterSetName = "build")]
-    [string] $CMakeOptions,
-    [Parameter(ParameterSetName = "build")]
-    [string] $CPackGenerators = "WIX;ZIP",
-    [Parameter(ParameterSetName = "build")]
-    [string] $Compiler,
-    [Parameter(ParameterSetName = "build")]
-    [string] $MakeOptions,
-    [Parameter(ParameterSetName = "build")]
-    [Parameter(ParameterSetName = "sign")]
-    [string] $SignKey,
-    [Parameter(ParameterSetName = "build")]
-    [Parameter(ParameterSetName = "sign")]
-    [string] $Timestamp = "http://timestamp.sectigo.com",
-    [Parameter(ParameterSetName = "merge")]
-    [Parameter(ParameterSetName = "build")]
-    [Parameter(ParameterSetName = "sign")]
-    [string] $GpgKey = "CFB4C2166397D0D2",
-    [Parameter(ParameterSetName = "merge")]
-    [Parameter(ParameterSetName = "build")]
-    [string] $SourceDir = ".",
-    [Parameter(ParameterSetName = "build")]
-    [string] $OutDir = ".\release",
-    [Parameter(ParameterSetName = "merge")]
-    [Parameter(ParameterSetName = "build")]
-    [string] $Tag,
-    [Parameter(ParameterSetName = "merge")]
-    [string] $SourceBranch,
-    [Parameter(ParameterSetName = "build")]
-    [string] $VSToolChain,
-    [Parameter(ParameterSetName = "merge")]
-    [Parameter(ParameterSetName = "build")]
-    [Parameter(ParameterSetName = "sign")]
-    [string] $ExtraPath
-)
-
-# Helper function definitions
-function Test-RequiredPrograms {
-    # If any of these fail they will throw an exception terminating the script
-    if ($Build) {
-        Get-Command git | Out-Null
-        Get-Command cmake | Out-Null
-    }
-    if ($Merge) {
-        Get-Command git | Out-Null
-        Get-Command tx | Out-Null
-        Get-Command lupdate | Out-Null
-    }
-    if ($Sign -or $SignBuild) {
-        if ($SignKey.Length) {
-            Get-Command signtool | Out-Null
-        }
-        Get-Command gpg | Out-Null
-    }
-}
-
-function Test-VersionInFiles {
-    # Check CMakeLists.txt
-    $Major, $Minor, $Patch = $Version.split(".", 3)
-    if (!(Select-String "$SourceDir\CMakeLists.txt" -pattern "KEEPASSXC_VERSION_MAJOR `"$Major`"" -Quiet) `
-            -or !(Select-String "$SourceDir\CMakeLists.txt" -pattern "KEEPASSXC_VERSION_MINOR `"$Minor`"" -Quiet) `
-            -or !(Select-String "$SourceDir\CMakeLists.txt" -pattern "KEEPASSXC_VERSION_PATCH `"$Patch`"" -Quiet)) {
-        throw "CMakeLists.txt has not been updated to $Version."
-    }
-
-    # Check Changelog
-    if (!(Select-String "$SourceDir\CHANGELOG.md" -pattern "^## $Version \(\d{4}-\d{2}-\d{2}\)$" -Quiet)) {
-        throw "CHANGELOG.md does not contain a section for $Version."
-    }
-
-    # Check AppStreamInfo
-    if (!(Select-String "$SourceDir\share\linux\org.keepassxc.KeePassXC.appdata.xml" `
-                -pattern "<release version=`"$Version`" date=`"\d{4}-\d{2}-\d{2}`">" -Quiet)) {
-        throw "share/linux/org.keepassxc.KeePassXC.appdata.xml does not contain a section for $Version."
-    }
-}
-
-function Test-WorkingTreeClean {
-    & git diff-index --quiet HEAD --
-    if ($LASTEXITCODE) {
-        throw "Current working tree is not clean! Please commit or unstage any changes."
-    }
-}
-
-function Invoke-VSToolchain([String] $Toolchain, [String] $Path, [String] $Arch) {
-    # Find Visual Studio installations
-    $vs = Get-CimInstance MSFT_VSInstance
-    if ($vs.count -eq 0) {
-        $err = "No Visual Studio installations found, download one from https://visualstudio.com/downloads."
-        $err = "$err`nIf Visual Studio is installed, you may need to repair the install then restart."
-        throw $err
-    }
-
-    $VSBaseDir = $vs[0].InstallLocation
-    if ($Toolchain) {
-        # Try to find the specified toolchain by name
-        foreach ($_ in $vs) {
-            if ($_.Name -eq $Toolchain) {
-                $VSBaseDir = $_.InstallLocation
-                break
-            }
-        }
-    } elseif ($vs.count -gt 1) {
-        # Ask the user which install to use
-        $i = 0
-        foreach ($_ in $vs) {
-            $i = $i + 1
-            $i.ToString() + ") " + $_.Name | Write-Host
-        }
-        $i = Read-Host -Prompt "Which Visual Studio installation do you want to use?"
-        $i = [Convert]::ToInt32($i, 10) - 1
-        if ($i -lt 0 -or $i -ge $vs.count) {
-            throw "Invalid selection made"
-        }
-        $VSBaseDir = $vs[$i].InstallLocation
-    }
-    
-    # Bootstrap the specified VS Toolchain
-    Import-Module "$VSBaseDir\Common7\Tools\Microsoft.VisualStudio.DevShell.dll"
-    Enter-VsDevShell -VsInstallPath $VSBaseDir -Arch $Arch -StartInPath $Path | Write-Host
-    Write-Host # Newline after command output
-}
-
-function Invoke-Cmd([string] $command, [string[]] $options = @(), [switch] $maskargs, [switch] $quiet) {
-    $call = ('{0} {1}' -f $command, ($options -Join ' '))
-    if ($maskargs) {
-        Write-Host "$command <masked>" -ForegroundColor DarkGray
-    }
-    else {
-        Write-Host $call -ForegroundColor DarkGray
-    }
-    if ($quiet) {
-        Invoke-Expression $call > $null
-    } else {
-        Invoke-Expression $call
-    }
-    if ($LASTEXITCODE -ne 0) {
-        throw "Failed to run command: {0}" -f $command
-    }
-    Write-Host #insert newline after command output
-}
-
-function Invoke-SignFiles([string[]] $files, [string] $key, [string] $time) {
-    if (!(Test-Path -Path "$key" -PathType leaf)) {
-        throw "Appsign key file was not found! ($key)"
-    }
-    if ($files.Length -eq 0) {
-        return
-    }
-
-    Write-Host "Signing files using $key" -ForegroundColor Cyan
-    $KeyPassword = Read-Host "Key password: " -MaskInput
-
-    foreach ($_ in $files) {
-        Write-Host "Signing file '$_' using Microsoft signtool..."
-        Invoke-Cmd "signtool" "sign -f `"$key`" -p `"$KeyPassword`" -d `"KeePassXC`" -td sha256 -fd sha256 -tr `"$time`" `"$_`"" -maskargs
-    }
-}
-
-function Invoke-GpgSignFiles([string[]] $files, [string] $key) {
-    if ($files.Length -eq 0) {
-        return
-    }
-
-    Write-Host "Signing files using GPG key $key" -ForegroundColor Cyan
-
-    foreach ($_ in $files) {
-        Write-Host "Signing file '$_' and creating DIGEST..."
-        if (Test-Path "$_.sig") {
-            Remove-Item "$_.sig"
-        }
-        Invoke-Cmd "gpg" "--output `"$_.sig`" --armor --local-user `"$key`" --detach-sig `"$_`""
-        $FileName = (Get-Item $_).Name
-        (Get-FileHash "$_" SHA256).Hash + " *$FileName" | Out-File "$_.DIGEST" -NoNewline
-    }
-}
-
-
-# Handle errors and restore state
-$OrigDir = (Get-Location).Path
-$OrigBranch = & git rev-parse --abbrev-ref HEAD
-$ErrorActionPreference = 'Stop'
-trap {
-    Write-Host "Restoring state..." -ForegroundColor Yellow
-    & git checkout $OrigBranch
-    Set-Location "$OrigDir"
-}
-
-Write-Host "KeePassXC Release Preparation Helper" -ForegroundColor Green
-Write-Host "Copyright (C) 2022 KeePassXC Team <https://keepassxc.org/>`n" -ForegroundColor Green
-
-# Prepend extra PATH locations as specified
-if ($ExtraPath) {
-    $env:Path = "$ExtraPath;$env:Path"
-}
-
-# Resolve absolute directory for paths
-$SourceDir = (Resolve-Path $SourceDir).Path
-
-# Check format of -Version
-if ($Version -notmatch "^\d+\.\d+\.\d+(-Beta\d*)?$") {
-    throw "Invalid format for -Version input"
-}
-
-# Check platform
-if (!$IsWindows) {
-    throw "The PowerShell release tool is not available for Linux or macOS at this time."
-}
-
-if ($Merge) {
-    Test-RequiredPrograms
-
-    # Change to SourceDir
-    Set-Location "$SourceDir"
-
-    Test-VersionInFiles
-    Test-WorkingTreeClean
-
-    if (!$SourceBranch.Length) {
-        $SourceBranch = & git branch --show-current
-    }
-
-    if ($SourceBranch -notmatch "^release/.*$") {
-        throw "Must be on a release/* branch to continue."
-    }
-
-    # Update translation files
-    Write-Host "Updating source translation file..."
-    Invoke-Cmd "lupdate" "-no-ui-lines -disable-heuristic similartext -locations none", `
-        "-extensions c,cpp,h,js,mm,qrc,ui -no-obsolete ./src -ts share/translations/keepassxc_en.ts"
-
-    Write-Host "Pulling updated translations from Transifex..."
-    Invoke-Cmd "tx" "pull -af --minimum-perc=60 -r keepassxc.share-translations-keepassxc-en-ts--develop"
-
-    # Only commit if there are changes
-    $changes = & git status --porcelain
-    if ($changes.Length -gt 0) {
-        Write-Host "Committing translation updates..."
-        Invoke-Cmd "git" "add -A ./share/translations/" -quiet
-        Invoke-Cmd "git" "commit -m `"Update translations`"" -quiet
-    }
-
-    # Read the version release notes from CHANGELOG
-    $Changelog = ""
-    $ReadLine = $false
-    Get-Content "CHANGELOG.md" | ForEach-Object {
-        if ($ReadLine) {
-            if ($_ -match "^## ") {
-                $ReadLine = $false
-            } else {
-                $Changelog += $_ + "`n"
-            }
-        } elseif ($_ -match "$Version \(\d{4}-\d{2}-\d{2}\)") {
-            $ReadLine = $true
-        }
-    }
-
-    Write-Host "Creating tag for '$Version'..."
-    $tmp = New-TemporaryFile
-    "Release $Version`n$Changelog" | Out-File $tmp.FullName
-    Invoke-Cmd "git" "tag -a `"$Version`" -F `"$tmp`" -s" -quiet
-    Remove-Item $tmp.FullName -Force
-
-    Write-Host "Moving latest tag..."
-    Invoke-Cmd "git" "tag -f -a `"latest`" -m `"Latest stable release`" -s" -quiet
-
-    Write-Host "All done!"
-    Write-Host "Please merge the release branch back into the develop branch now and then push your changes."
-    Write-Host "Don't forget to also push the tags using 'git push --tags'."
-} elseif ($Build) {
-    $Vcpkg = (Resolve-Path "$Vcpkg/scripts/buildsystems/vcpkg.cmake").Path
-
-    # Find Visual Studio and establish build environment
-    Invoke-VSToolchain $VSToolChain $SourceDir -Arch "amd64"
-
-    Test-RequiredPrograms
-
-    if ($Snapshot) {
-        $Tag = "HEAD"
-        $SourceBranch = & git rev-parse --abbrev-ref HEAD
-        $ReleaseName = "$Version-snapshot"
-        $CMakeOptions = "-DKEEPASSXC_BUILD_TYPE=Snapshot -DOVERRIDE_VERSION=`"$ReleaseName`" $CMakeOptions"
-        Write-Host "Using current branch '$SourceBranch' to build." -ForegroundColor Cyan
-    } else {
-        Test-WorkingTreeClean
-
-        # Clear output directory
-        if (Test-Path $OutDir) {
-            Remove-Item $OutDir -Recurse
-        }
-        
-        if ($Version -match "-beta\d*$") {
-            $CMakeOptions = "-DKEEPASSXC_BUILD_TYPE=PreRelease $CMakeOptions"
-        } else {
-            $CMakeOptions = "-DKEEPASSXC_BUILD_TYPE=Release $CMakeOptions"
-        }
-
-        # Setup Tag if not defined then checkout tag
-        if ($Tag -eq "" -or $Tag -eq $null) {
-            $Tag = $Version
-        }
-        Write-Host "Checking out tag 'tags/$Tag' to build." -ForegroundColor Cyan
-        Invoke-Cmd "git" "checkout `"tags/$Tag`""
-    }
-
-    # Create directories
-    New-Item "$OutDir" -ItemType Directory -Force | Out-Null
-    $OutDir = (Resolve-Path $OutDir).Path
-
-    $BuildDir = "$OutDir\build-release"
-    New-Item "$BuildDir" -ItemType Directory -Force | Out-Null
-
-    # Enter build directory
-    Set-Location "$BuildDir"
-
-    # Setup CMake options
-    $CMakeOptions = "-DWITH_XC_ALL=ON -DWITH_TESTS=OFF -DCMAKE_BUILD_TYPE=Release $CMakeOptions"
-    $CMakeOptions = "-DCMAKE_TOOLCHAIN_FILE:FILEPATH=`"$Vcpkg`" -DX_VCPKG_APPLOCAL_DEPS_INSTALL=ON $CMakeOptions"
-
-    Write-Host "Configuring build..." -ForegroundColor Cyan
-    Invoke-Cmd "cmake" "-G `"$CMakeGenerator`" $CMakeOptions `"$SourceDir`""
-
-    Write-Host "Compiling sources..." -ForegroundColor Cyan
-    Invoke-Cmd "cmake" "--build . --config Release -- $MakeOptions"
-    
-    if ($SignBuild) {
-        $files = Get-ChildItem "$BuildDir\src" -Include "*keepassxc*.exe", "*keepassxc*.dll" -Recurse -File | ForEach-Object { $_.FullName }
-        Invoke-SignFiles $files $SignKey $Timestamp
-    }
-
-    Write-Host "Create deployment packages..." -ForegroundColor Cyan
-    Invoke-Cmd "cpack" "-G `"$CPackGenerators`""
-    Move-Item "$BuildDir\keepassxc-*" -Destination "$OutDir" -Force
-
-    if ($SignBuild) {
-        # Enter output directory
-        Set-Location -Path "$OutDir"
-
-        # Sign MSI files using AppSign key
-        $files = Get-ChildItem $OutDir -Include "*.msi" -Name
-        Invoke-SignFiles $files $SignKey $Timestamp
-
-        # Sign all output files using the GPG key then hash them
-        $files = Get-ChildItem $OutDir -Include "*.msi", "*.zip" -Name
-        Invoke-GpgSignFiles $files $GpgKey
-    }
-
-    # Restore state
-    Invoke-Command {git checkout $OrigBranch}
-    Set-Location "$OrigDir"
-} elseif ($Sign) {
-    if (Test-Path $SignKey) {
-        # Need to include path to signtool program
-        Invoke-VSToolchain $VSToolChain $SourceDir -Arch "amd64"
-    }
-
-    Test-RequiredPrograms
-
-    # Resolve wildcard paths
-    $ResolvedFiles = @()
-    foreach ($_ in $SignFiles) {
-        $ResolvedFiles += (Get-ChildItem $_ -File | ForEach-Object { $_.FullName })
-    }
-
-    $AppSignFiles = $ResolvedFiles.Where({ $_ -match "\.(msi|exe|dll)$" })
-    Invoke-SignFiles $AppSignFiles $SignKey $Timestamp
-
-    $GpgSignFiles = $ResolvedFiles.Where({ $_ -match "\.(msi|zip|gz|xz|dmg|appimage)$" })
-    Invoke-GpgSignFiles $GpgSignFiles $GpgKey
-}
-
-# SIG # Begin signature block
-# MIIfXAYJKoZIhvcNAQcCoIIfTTCCH0kCAQExDzANBglghkgBZQMEAgEFADB5Bgor
-# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
-# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC3+AltPeIvGycP
-# LJr+5kqYiFnGPXyfdXgAkgrw+aI/AqCCGSAwggU6MIIEIqADAgECAhBYotctjMD9
-# icz/IeDU7cdKMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAkdCMRswGQYDVQQI
-# ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoT
-# D1NlY3RpZ28gTGltaXRlZDEkMCIGA1UEAxMbU2VjdGlnbyBSU0EgQ29kZSBTaWdu
-# aW5nIENBMB4XDTIxMDMxNTAwMDAwMFoXDTI0MDMxNDIzNTk1OVowgaExCzAJBgNV
-# BAYTAlVTMQ4wDAYDVQQRDAUyMjMxNTERMA8GA1UECAwIVmlyZ2luaWExEjAQBgNV
-# BAcMCUZyYW5jb25pYTEbMBkGA1UECQwSNjY1MyBBdWRyZXkgS2F5IEN0MR4wHAYD
-# VQQKDBVEcm9pZE1vbmtleSBBcHBzLCBMTEMxHjAcBgNVBAMMFURyb2lkTW9ua2V5
-# IEFwcHMsIExMQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAH0v/7
-# XOVxc5Auhi92tgBZL0Hm6L7sT1xcKfrBwHg12ZpFs0zeR1ZzyduM44d45y3aNXNW
-# 7+klHVJqAj5XVHUF/OB/O5bnljKIeupdAZ8v3GGokBZK91BGKe+WRn5ZjdDGc6HN
-# xCT4FMth1TCrTg7eMy/u+cfp+4ur8dcSyAM5tkLsTIoS1VtZWjiepjS1RO+Ile9E
-# j+wUM3wO9Qt5/BlYi8XsbXU0V4oi3bj6EMLO9UEq0SfsM2YUY7UIkAHtLPiMV7BX
-# gw/WC+IwB8ZtIGpq/JEME4bt51pJVvVmrjzbKgc0Cz6akhArZIa9QooAkrbAINvO
-# Cm+7mx/PBK2lzSECAwEAAaOCAZAwggGMMB8GA1UdIwQYMBaAFA7hOqhTOjHVir7B
-# u61nGgOFrTQOMB0GA1UdDgQWBBTu7ZZnt+omJoze71KXMDAYGGhYfTAOBgNVHQ8B
-# Af8EBAMCB4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAzARBglg
-# hkgBhvhCAQEEBAMCBBAwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwIwJTAjBggr
-# BgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQQBMEMGA1Ud
-# HwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQUNv
-# ZGVTaWduaW5nQ0EuY3JsMHMGCCsGAQUFBwEBBGcwZTA+BggrBgEFBQcwAoYyaHR0
-# cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBQ29kZVNpZ25pbmdDQS5jcnQw
-# IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEB
-# CwUAA4IBAQAPbD9O3krI9tfYz6FZXCCqkqbjaeTpo3Ye9Kn4paWsHa37OIv7UhFf
-# CrtLRXunZ7Vkry5cvMGNQNUaMFy6CHmEYb3kwZWW3EImuv9uTUd7rYvszBXF8flv
-# kysT+8L9wdxLEQHUBnBnFgqMM99HzVuINVyH75d4qa9TF9PhcajsxwmpPgr9NwvC
-# KNJv8BaxdH6vYFcQCqCygbfuST99s8qKaknTuHF39E1hWkTfcT3fMJDVONzW0/cN
-# ourxylLqMZRjk007NGCnaYZwYfKW/pD/F/jmo28eKoVVy129j2h/RAWODl5gOvis
-# sNr6aSz1/Ul3xoNYpyx8IGeWiFMoh99tMIIF9TCCA92gAwIBAgIQHaJIMG+bJhjQ
-# guCWfTPTajANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
-# Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg
-# VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlm
-# aWNhdGlvbiBBdXRob3JpdHkwHhcNMTgxMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5
-# WjB8MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAw
-# DgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxJDAiBgNV
-# BAMTG1NlY3RpZ28gUlNBIENvZGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEB
-# BQADggEPADCCAQoCggEBAIYijTKFehifSfCWL2MIHi3cfJ8Uz+MmtiVmKUCGVEZ0
-# MWLFEO2yhyemmcuVMMBW9aR1xqkOUGKlUZEQauBLYq798PgYrKf/7i4zIPoMGYmo
-# bHutAMNhodxpZW0fbieW15dRhqb0J+V8aouVHltg1X7XFpKcAC9o95ftanK+ODtj
-# 3o+/bkxBXRIgCFnoOc2P0tbPBrRXBbZOoT5Xax+YvMRi1hsLjcdmG0qfnYHEckC1
-# 4l/vC0X/o84Xpi1VsLewvFRqnbyNVlPG8Lp5UEks9wO5/i9lNfIi6iwHr0bZ+UYc
-# 3Ix8cSjz/qfGFN1VkW6KEQ3fBiSVfQ+noXw62oY1YdMCAwEAAaOCAWQwggFgMB8G
-# A1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBQO4TqoUzox
-# 1Yq+wbutZxoDha00DjAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIB
-# ADAdBgNVHSUEFjAUBggrBgEFBQcDAwYIKwYBBQUHAwgwEQYDVR0gBAowCDAGBgRV
-# HSAAMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V
-# U0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcB
-# AQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VS
-# VHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Au
-# dXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEATWNQ7Uc0SmGk295qKoyb
-# 8QAAHh1iezrXMsL2s+Bjs/thAIiaG20QBwRPvrjqiXgi6w9G7PNGXkBGiRL0C3da
-# nCpBOvzW9Ovn9xWVM8Ohgyi33i/klPeFM4MtSkBIv5rCT0qxjyT0s4E307dksKYj
-# alloUkJf/wTr4XRleQj1qZPea3FAmZa6ePG5yOLDCBaxq2NayBWAbXReSnV+pbjD
-# bLXP30p5h1zHQE1jNfYw08+1Cg4LBH+gS667o6XQhACTPlNdNKUANWlsvp8gJRAN
-# GftQkGG+OY96jk32nw4e/gdREmaDJhlIlc5KycF/8zoFm/lv34h/wCOe0h5DekUx
-# wZxNqfBZslkZ6GqNKQQCd3xLS81wvjqyVVp4Pry7bwMQJXcVNIr5NsxDkuS6T/Fi
-# kyglVyn7URnHoSVAaoRXxrKdsbwcCtp8Z359LukoTBh+xHsxQXGaSynsCz1XUNLK
-# 3f2eBVHlRHjdAd6xdZgNVCT98E7j4viDvXK6yz067vBeF5Jobchh+abxKgoLpbn0
-# nu6YMgWFnuv5gynTxix9vTp3Los3QqBqgu07SqqUEKThDfgXxbZaeTMYkuO1dfih
-# 6Y4KJR7kHvGfWocj/5+kUZ77OYARzdu1xKeogG/lU9Tg46LC0lsa+jImLWpXcBw8
-# pFguo/NbSwfcMlnzh6cabVgwggbsMIIE1KADAgECAhAwD2+s3WaYdHypRjaneC25
-# MA0GCSqGSIb3DQEBDAUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEpl
-# cnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJV
-# U1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9u
-# IEF1dGhvcml0eTAeFw0xOTA1MDIwMDAwMDBaFw0zODAxMTgyMzU5NTlaMH0xCzAJ
-# BgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
-# B1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDElMCMGA1UEAxMcU2Vj
-# dGlnbyBSU0EgVGltZSBTdGFtcGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-# ADCCAgoCggIBAMgbAa/ZLH6ImX0BmD8gkL2cgCFUk7nPoD5T77NawHbWGgSlzkeD
-# tevEzEk0y/NFZbn5p2QWJgn71TJSeS7JY8ITm7aGPwEFkmZvIavVcRB5h/RGKs3E
-# Wsnb111JTXJWD9zJ41OYOioe/M5YSdO/8zm7uaQjQqzQFcN/nqJc1zjxFrJw06PE
-# 37PFcqwuCnf8DZRSt/wflXMkPQEovA8NT7ORAY5unSd1VdEXOzQhe5cBlK9/gM/R
-# EQpXhMl/VuC9RpyCvpSdv7QgsGB+uE31DT/b0OqFjIpWcdEtlEzIjDzTFKKcvSb/
-# 01Mgx2Bpm1gKVPQF5/0xrPnIhRfHuCkZpCkvRuPd25Ffnz82Pg4wZytGtzWvlr7a
-# TGDMqLufDRTUGMQwmHSCIc9iVrUhcxIe/arKCFiHd6QV6xlV/9A5VC0m7kUaOm/N
-# 14Tw1/AoxU9kgwLU++Le8bwCKPRt2ieKBtKWh97oaw7wW33pdmmTIBxKlyx3GSuT
-# lZicl57rjsF4VsZEJd8GEpoGLZ8DXv2DolNnyrH6jaFkyYiSWcuoRsDJ8qb/fVfb
-# Enb6ikEk1Bv8cqUUotStQxykSYtBORQDHin6G6UirqXDTYLQjdprt9v3GEBXc/Bx
-# o/tKfUU2wfeNgvq5yQ1TgH36tjlYMu9vGFCJ10+dM70atZ2h3pVBeqeDAgMBAAGj
-# ggFaMIIBVjAfBgNVHSMEGDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4E
-# FgQUGqH4YRkgD8NBd0UojtE1XwYSBFUwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB
-# /wQIMAYBAf8CAQAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwEQYDVR0gBAowCDAGBgRV
-# HSAAMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V
-# U0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcB
-# AQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VS
-# VHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Au
-# dXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAbVSBpTNdFuG1U4GRdd8D
-# ejILLSWEEbKw2yp9KgX1vDsn9FqguUlZkClsYcu1UNviffmfAO9Aw63T4uRW+VhB
-# z/FC5RB9/7B0H4/GXAn5M17qoBwmWFzztBEP1dXD4rzVWHi/SHbhRGdtj7BDEA+N
-# 5Pk4Yr8TAcWFo0zFzLJTMJWk1vSWVgi4zVx/AZa+clJqO0I3fBZ4OZOTlJux3LJt
-# QW1nzclvkD1/RXLBGyPWwlWEZuSzxWYG9vPWS16toytCiiGS/qhvWiVwYoFzY16g
-# u9jc10rTPa+DBjgSHSSHLeT8AtY+dwS8BDa153fLnC6NIxi5o8JHHfBd1qFzVwVo
-# mqfJN2Udvuq82EKDQwWli6YJ/9GhlKZOqj0J9QVst9JkWtgqIsJLnfE5XkzeSD2b
-# NJaaCV+O/fexUpHOP4n2HKG1qXUfcb9bQ11lPVCBbqvw0NP8srMftpmWJvQ8eYtc
-# ZMzN7iea5aDADHKHwW5NWtMe6vBE5jJvHOsXTpTDeGUgOw9Bqh/poUGd/rG4oGUq
-# NODeqPk85sEwu8CgYyz8XBYAqNDEf+oRnR4GxqZtMl20OAkrSQeq/eww2vGnL8+3
-# /frQo4TZJ577AWZ3uVYQ4SBuxq6x+ba6yDVdM3aO8XwgDCp3rrWiAoa6Ke60WgCx
-# jKvj+QrJVF3UuWp0nr1Irpgwggb1MIIE3aADAgECAhA5TCXhfKBtJ6hl4jvZHSLU
-# MA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy
-# IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28g
-# TGltaXRlZDElMCMGA1UEAxMcU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBDQTAe
-# Fw0yMzA1MDMwMDAwMDBaFw0zNDA4MDIyMzU5NTlaMGoxCzAJBgNVBAYTAkdCMRMw
-# EQYDVQQIEwpNYW5jaGVzdGVyMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLDAq
-# BgNVBAMMI1NlY3RpZ28gUlNBIFRpbWUgU3RhbXBpbmcgU2lnbmVyICM0MIICIjAN
-# BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApJMoUkvPJ4d2pCkcmTjA5w7U0Rzs
-# aMsBZOSKzXewcWWCvJ/8i7u7lZj7JRGOWogJZhEUWLK6Ilvm9jLxXS3AeqIO4OBW
-# ZO2h5YEgciBkQWzHwwj6831d7yGawn7XLMO6EZge/NMgCEKzX79/iFgyqzCz2Ix6
-# lkoZE1ys/Oer6RwWLrCwOJVKz4VQq2cDJaG7OOkPb6lampEoEzW5H/M94STIa7GZ
-# 6A3vu03lPYxUA5HQ/C3PVTM4egkcB9Ei4GOGp7790oNzEhSbmkwJRr00vOFLUHty
-# 4Fv9GbsfPGoZe267LUQqvjxMzKyKBJPGV4agczYrgZf6G5t+iIfYUnmJ/m53N9e7
-# UJ/6GCVPE/JefKmxIFopq6NCh3fg9EwCSN1YpVOmo6DtGZZlFSnF7TMwJeaWg4Ga
-# 9mBmkFgHgM1Cdaz7tJHQxd0BQGq2qBDu9o16t551r9OlSxihDJ9XsF4lR5F0zXUS
-# 0Zxv5F4Nm+x1Ju7+0/WSL1KF6NpEUSqizADKh2ZDoxsA76K1lp1irScL8htKycOU
-# QjeIIISoh67DuiNye/hU7/hrJ7CF9adDhdgrOXTbWncC0aT69c2cPcwfrlHQe2zY
-# HS0RQlNxdMLlNaotUhLZJc/w09CRQxLXMn2YbON3Qcj/HyRU726txj5Ve/Fchzpk
-# 8WBLBU/vuS/sCRMCAwEAAaOCAYIwggF+MB8GA1UdIwQYMBaAFBqh+GEZIA/DQXdF
-# KI7RNV8GEgRVMB0GA1UdDgQWBBQDDzHIkSqTvWPz0V1NpDQP0pUBGDAOBgNVHQ8B
-# Af8EBAMCBsAwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDBK
-# BgNVHSAEQzBBMDUGDCsGAQQBsjEBAgEDCDAlMCMGCCsGAQUFBwIBFhdodHRwczov
-# L3NlY3RpZ28uY29tL0NQUzAIBgZngQwBBAIwRAYDVR0fBD0wOzA5oDegNYYzaHR0
-# cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBVGltZVN0YW1waW5nQ0EuY3Js
-# MHQGCCsGAQUFBwEBBGgwZjA/BggrBgEFBQcwAoYzaHR0cDovL2NydC5zZWN0aWdv
-# LmNvbS9TZWN0aWdvUlNBVGltZVN0YW1waW5nQ0EuY3J0MCMGCCsGAQUFBzABhhdo
-# dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEATJtlWPrg
-# ec/vFcMybd4zket3WOLrvctKPHXefpRtwyLHBJXfZWlhEwz2DJ71iSBewYfHAyTK
-# x6XwJt/4+DFlDeDrbVFXpoyEUghGHCrC3vLaikXzvvf2LsR+7fjtaL96VkjpYeWa
-# OXe8vrqRZIh1/12FFjQn0inL/+0t2v++kwzsbaINzMPxbr0hkRojAFKtl9RieCqE
-# eajXPawhj3DDJHk6l/ENo6NbU9irALpY+zWAT18ocWwZXsKDcpCu4MbY8pn76rSS
-# ZXwHfDVEHa1YGGti+95sxAqpbNMhRnDcL411TCPCQdB6ljvDS93NkiZ0dlw3oJok
-# nk5fTtOPD+UTT1lEZUtDZM9I+GdnuU2/zA2xOjDQoT1IrXpl5Ozf4AHwsypKOazB
-# pPmpfTXQMkCgsRkqGCGyyH0FcRpLJzaq4Jgcg3Xnx35LhEPNQ/uQl3YqEqxAwXBb
-# mQpA+oBtlGF7yG65yGdnJFxQjQEg3gf3AdT4LhHNnYPl+MolHEQ9J+WwhkcqCxuE
-# dn17aE+Nt/cTtO2gLe5zD9kQup2ZLHzXdR+PEMSU5n4k5ZVKiIwn1oVmHfmuZHaR
-# 6Ej+yFUK7SnDH944psAU+zI9+KmDYjbIw74Ahxyr+kpCHIkD3PVcfHDZXXhO7p9e
-# IOYJanwrCKNI9RX8BE/fzSEceuX1jhrUuUAxggWSMIIFjgIBATCBkDB8MQswCQYD
-# VQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT
-# YWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3Rp
-# Z28gUlNBIENvZGUgU2lnbmluZyBDQQIQWKLXLYzA/YnM/yHg1O3HSjANBglghkgB
-# ZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJ
-# AzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8G
-# CSqGSIb3DQEJBDEiBCBp7GODztdZALJXKtlDO7iMqjlod5DXJQUaVMMwaRVDkzAN
-# BgkqhkiG9w0BAQEFAASCAQB8i7HZnhNcD6S7hrG+nk6bDcg8LyL+C3QOnmxIQKA3
-# +TQB02qB83WI+ErrH7GQHgi+7kB4K8NYs1dK/yYIp6pwgXUnYqQlsQCYzMRk9Shn
-# gvJWO04dV3V17NHfAXHT/+gHKTOOUJf58/Yabo87/vu4K5gE2g3TOrMHm0G9x1k8
-# PXgW6mzMD6xEz0tuvXdGZ8BSZ5VlDYV5ITchn8Eni29RTSIBIbZHbMWI5Gcsbzqd
-# ZLKHmVOoT2Las0VWNzq96+1X1HjFGhPqAIm19ByZyGI3OO9fgP6lfGuHyE2eyYUp
-# MKQ6qr8nfPzmp3bF0JLSGV3pEViDOqRgkkQmOXHfHlqsoYIDSzCCA0cGCSqGSIb3
-# DQEJBjGCAzgwggM0AgEBMIGRMH0xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVh
-# dGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3Rp
-# Z28gTGltaXRlZDElMCMGA1UEAxMcU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBD
-# QQIQOUwl4XygbSeoZeI72R0i1DANBglghkgBZQMEAgIFAKB5MBgGCSqGSIb3DQEJ
-# AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMDgxNTAzMDcyMlowPwYJ
-# KoZIhvcNAQkEMTIEMDyZLb3/c3iiuzTHkbucrdYjiOpKcwtj+r0u6p2ypdNrYVlH
-# k9k7PaDY1LfCeRwkPTANBgkqhkiG9w0BAQEFAASCAgAKipaEem0CK2ALaiJYcBkB
-# AUYGZl6MpMKScYGmiqopzfp3sLp6EiM9lWtU0skS/d81DDlT/Hm55NNEoNEjB1R8
-# 3OygPagYohu/UoNLPUCZjLMsHGfsW2KXxr0OODpjLU9YkiucaQNHTjhO0zpm18A4
-# btEgi8pooELnNx2uX/ZB+HwnYUsCMGE7WnYshDXGmE8puiCUTddf9R5uqbRrCVJS
-# G6jf+YhNvUeJSVgwnJoWqfHMKoHo7CdYgGR91RUIVdsbMO/2QosBTm1HzvWfB82C
-# 0s43uZNPP05a6ITmzjytk5OYEA+xwYFM6qo8TjeLGrgAeHyk7BUYdk5hUS2lQ+Th
-# SU0AivCqsAQvMcwKd69fhMGN0hrQu+ydKhQe6pmm8J5/DRoV/pNYVcecgYMXowrI
-# EXK8l0ihsk/pEpoONcpNEacQ5U/miylp7f37WlGU7bY3EWc8BOENYMRUA+hKMXka
-# kPQ1RID0BU4OyjuI76+klf9xBngSu1xR/2aw9/+TlzWGNRpjKRLQkIFJ8iaFX91B
-# KfJ4+B6HELBEn2wjLvL+fLLn3ajp2fdeRf1CWWzOHQox15KHzEK7o6zZ43IzWOeO
-# blzPpVotmoJ8ncBZXGtLDmS64Z04J58KvpfV2g02/EIHZhry2E3sG3jWAv0WY2z7
-# fgsXlQSQR8WnONsJJQ95CA==
-# SIG # End signature block

share/CMakeLists.txt

@@ -63,6 +63,7 @@ if(UNIX AND NOT APPLE AND NOT HAIKU)
 endif(UNIX AND NOT APPLE AND NOT HAIKU)
 
 if(APPLE)
+  install(FILES macosx/Assets.car DESTINATION ${DATA_INSTALL_DIR})
   install(FILES macosx/keepassxc.icns DESTINATION ${DATA_INSTALL_DIR})
 endif()
 
@@ -74,16 +75,28 @@ install(FILES icons/application/256x256/apps/keepassxc.png DESTINATION ${DATA_IN
 
 add_custom_target(icons)
 add_custom_command(TARGET icons
+        POST_BUILD
         COMMAND bash ./icons/minify.sh
         WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
 if(APPLE)
     add_custom_command(TARGET icons
-            COMMAND png2icns macosx/keepassxc.icns icons/application/256x256/apps/keepassxc.png
+            POST_BUILD
+            COMMAND xcrun actool share/macosx/keepassxc.icon
+                --compile share/macosx
+                --output-partial-info-plist /dev/null
+                --app-icon keepassxc
+                --include-all-app-icons
+                --enable-on-demand-resources NO
+                --target-device mac
+                --minimum-deployment-target 11.0
+                --platform macosx
+                --output-format human-readable-text
             WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
 endif()
 
 # ICO for Windows
 add_custom_command(TARGET icons
+    POST_BUILD
     COMMAND bash ./windows/create-ico.sh icons/application/scalable/apps/keepassxc.svg windows/keepassxc.ico
     COMMAND bash ./windows/create-ico.sh icons/application/scalable/mimetypes/application-x-keepassxc.svg windows/keepassxc-kdbx.ico
     WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})

share/demo.key

@@ -1 +0,0 @@
-secret

share/demo_readme.md

@@ -0,0 +1,3 @@
+This is a demo database to showcase some of the features of KeePassXC
+
+The password to unlock demo.kdbx is: secret

share/icons/application/scalable/actions/arrow-collapse-down.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19.92,12.08L12,20L4.08,12.08L5.5,10.67L11,16.17V2H13V16.17L18.5,10.66L19.92,12.08M12,20H2V22H22V20H12Z" /></svg>

share/icons/application/scalable/actions/bitwarden.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21,11C21,16.55 17.16,21.74 12,23C6.84,21.74 3,16.55 3,11V5L12,1L21,5V11M12,21C15.75,20 19,15.54 19,11.22V6.3L12,3.18V21Z" /></svg>

share/icons/application/scalable/actions/csv.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M14 2H6C4.9 2 4 2.9 4 4V20C4 21.1 4.9 22 6 22H18C19.1 22 20 21.1 20 20V8L14 2M18 20H6V4H13V9H18V20M10 19L12 15H9V10H15V15L13 19H10" /></svg>

share/icons/application/scalable/actions/database-settings.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 14C9.58 14 7.3 13.4 6 12.45V9.64C7.47 10.47 9.61 11 12 11S16.53 10.47 18 9.64V12.08C18.33 12.03 18.66 12 19 12C19.34 12 19.67 12.03 20 12.08V7C20 4.79 16.42 3 12 3S4 4.79 4 7V17C4 19.21 7.59 21 12 21C12.1 21 12.2 21 12.29 21C12.11 20.36 12 19.69 12 19C8.13 19 6 17.5 6 17V14.77C7.61 15.55 9.72 16 12 16C12.24 16 12.47 16 12.7 15.97C13.1 15.14 13.65 14.41 14.32 13.81C13.58 13.93 12.8 14 12 14M12 5C15.87 5 18 6.5 18 7S15.87 9 12 9 6 7.5 6 7 8.13 5 12 5M22.7 19.6V18.6L23.8 17.8C23.9 17.7 24 17.6 23.9 17.5L22.9 15.8C22.9 15.7 22.7 15.7 22.6 15.7L21.4 16.2C21.1 16 20.8 15.8 20.5 15.7L20.3 14.4C20.3 14.3 20.2 14.2 20.1 14.2H18.1C17.9 14.2 17.8 14.3 17.8 14.4L17.6 15.7C17.3 15.9 17.1 16 16.8 16.2L15.6 15.7C15.5 15.7 15.4 15.7 15.3 15.8L14.3 17.5C14.3 17.6 14.3 17.7 14.4 17.8L15.5 18.6V19.6L14.4 20.4C14.3 20.5 14.2 20.6 14.3 20.7L15.3 22.4C15.4 22.5 15.5 22.5 15.6 22.5L16.8 22C17 22.2 17.3 22.4 17.6 22.5L17.8 23.8C17.9 23.9 18 24 18.1 24H20.1C20.2 24 20.3 23.9 20.3 23.8L20.5 22.5C20.8 22.3 21 22.2 21.3 22L22.5 22.4C22.6 22.4 22.7 22.4 22.8 22.3L23.8 20.6C23.9 20.5 23.9 20.4 23.8 20.4L22.7 19.6M19 20.5C18.2 20.5 17.5 19.8 17.5 19S18.2 17.5 19 17.5 20.5 18.2 20.5 19 19.8 20.5 19 20.5Z" /></svg>

share/icons/application/scalable/actions/entry-delete.svg

@@ -1 +1 @@
-<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="mdi-close-circle-outline" width="24" height="24" viewBox="0 0 24 24"><path d="M12,20C7.59,20 4,16.41 4,12C4,7.59 7.59,4 12,4C16.41,4 20,7.59 20,12C20,16.41 16.41,20 12,20M12,2C6.47,2 2,6.47 2,12C2,17.53 6.47,22 12,22C17.53,22 22,17.53 22,12C22,6.47 17.53,2 12,2M14.59,8L12,10.59L9.41,8L8,9.41L10.59,12L8,14.59L9.41,16L12,13.41L14.59,16L16,14.59L13.41,12L16,9.41L14.59,8Z" /></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12,2A10,10 0 0,1 22,12A10,10 0 0,1 12,22A10,10 0 0,1 2,12A10,10 0 0,1 12,2M12,4A8,8 0 0,0 4,12A8,8 0 0,0 12,20A8,8 0 0,0 20,12A8,8 0 0,0 12,4M16,10V17A1,1 0 0,1 15,18H9A1,1 0 0,1 8,17V10H16M13.5,6L14.5,7H17V9H7V7H9.5L10.5,6H13.5Z" /></svg>

share/icons/application/scalable/actions/entry-expire.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9 8H11V14H9V8M13 1H7V3H13V1M17.03 7.39C18.26 8.93 19 10.88 19 13C19 17.97 15 22 10 22C5.03 22 1 17.97 1 13S5.03 4 10 4C12.12 4 14.07 4.74 15.62 6L17.04 4.56C17.55 5 18 5.46 18.45 5.97L17.03 7.39M17 13C17 9.13 13.87 6 10 6S3 9.13 3 13 6.13 20 10 20 17 16.87 17 13M21 7V13H23V7H21M21 17H23V15H21V17Z" /></svg>

share/icons/application/scalable/actions/lock-open-alert.svg

@@ -0,0 +1 @@
+<svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="M22.326 14.864h-2.652v-12h2.652v12m0 5h-2.652v-3h2.652v3Z" style="fill-rule:nonzero" transform="matrix(1.13122 0 0 1 -1.2557 2.1364)"/><path d="M18 8c1.097 0 2 .903 2 2v10c0 1.097-.903 2-2 2H6c-1.11 0-2-.9-2-2V10c0-1.097.903-2 2-2h9V6c0-1.646-1.354-3-3-3S9 4.354 9 6H7c0-2.743 2.257-5 5-5s5 2.257 5 5v2h1m-6 9c1.097 0 2-.903 2-2s-.903-2-2-2-2 .903-2 2 .903 2 2 2Z" style="fill-rule:nonzero" transform="translate(-1)"/></svg>

share/icons/application/scalable/actions/lock-open.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M18,8A2,2 0 0,1 20,10V20A2,2 0 0,1 18,22H6C4.89,22 4,21.1 4,20V10A2,2 0 0,1 6,8H15V6A3,3 0 0,0 12,3A3,3 0 0,0 9,6H7A5,5 0 0,1 12,1A5,5 0 0,1 17,6V8H18M12,17A2,2 0 0,0 14,15A2,2 0 0,0 12,13A2,2 0 0,0 10,15A2,2 0 0,0 12,17Z" /></svg>

share/icons/application/scalable/actions/lock.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12,17A2,2 0 0,0 14,15C14,13.89 13.1,13 12,13A2,2 0 0,0 10,15A2,2 0 0,0 12,17M18,8A2,2 0 0,1 20,10V20A2,2 0 0,1 18,22H6A2,2 0 0,1 4,20V10C4,8.89 4.9,8 6,8H7V6A5,5 0 0,1 12,1A5,5 0 0,1 17,6V8H18M12,3A3,3 0 0,0 9,6V8H15V6A3,3 0 0,0 12,3Z" /></svg>

share/icons/application/scalable/actions/onepassword.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12,1C5.92,1 1,5.92 1,12C1,18.08 5.92,23 12,23C18.08,23 23,18.08 23,12C23,5.92 18.08,1 12,1M12,20A8,8 0 0,1 4,12A8,8 0 0,1 12,4A8,8 0 0,1 20,12A8,8 0 0,1 12,20M13,13.5C13,14.13 13.4,14.7 14,14.91V18H10V11.91C10.78,11.64 11.19,10.8 10.93,10C10.78,9.58 10.44,9.24 10,9.09V6H14V12.09C13.4,12.3 13,12.87 13,13.5Z" /></svg>

share/icons/application/scalable/actions/passkey.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21,11C21,16.55 17.16,21.74 12,23C6.84,21.74 3,16.55 3,11V5L12,1L21,5V11M12,21C15.75,20 19,15.54 19,11.22V6.3L12,3.18L5,6.3V11.22C5,15.54 8.25,20 12,21M12,6A3,3 0 0,1 15,9C15,10.31 14.17,11.42 13,11.83V14H15V16H13V18H11V11.83C9.83,11.42 9,10.31 9,9A3,3 0 0,1 12,6M12,8A1,1 0 0,0 11,9A1,1 0 0,0 12,10A1,1 0 0,0 13,9A1,1 0 0,0 12,8Z" /></svg>

share/icons/application/scalable/actions/proton.svg

@@ -0,0 +1 @@
+<svg viewBox="0 0 128 128" xmlns="http://www.w3.org/2000/svg" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2"><path d="M22.5 101.382V88.3094c0-9.1756 7.4383-16.6154 16.6154-16.6154l11.528.1398c12.5786 0 21.5115-2.3424 26.7973-7.0258 5.2858-4.6835 7.9851-8.4576 7.9851-16.9566 0-6.1551-1.6287-11.224-4.7734-15.5733-3.0775-4.4165-7.1586-7.3271-12.2445-8.7317-3.2789-.8707-9.334-1.3047-18.1656-1.3047l-9.1856-.1284v28.1362H22.5V4.75l26.1364.1284c9.768 0 17.2292.4682 22.3808 1.4046 7.2271 1.2048 13.2823 3.513 18.167 6.926 4.8847 3.3445 8.7988 8.0622 11.7422 14.1516 3.0119 6.088 4.5735 12.5958 4.5735 19.89 0 12.5115-4.0382 20.301-12.0005 28.9998-7.9623 8.6303-22.9161 12.4345-43.7268 12.4345 0 0-7.5968.1384-8.716.1384-8.4061 0-15.6061 5.2016-18.5566 12.5586ZM22.5 124.2501c0-13.2305 8.192-24.0806 18.5567-24.9993v24.902L22.5 124.25Z"/></svg>

share/icons/application/scalable/actions/reports.svg

@@ -1 +1 @@
-<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="mdi-lightbulb-on-outline" width="24" height="24" viewBox="0 0 24 24"><path d="M20,11H23V13H20V11M1,11H4V13H1V11M13,1V4H11V1H13M4.92,3.5L7.05,5.64L5.63,7.05L3.5,4.93L4.92,3.5M16.95,5.63L19.07,3.5L20.5,4.93L18.37,7.05L16.95,5.63M12,6A6,6 0 0,1 18,12C18,14.22 16.79,16.16 15,17.2V19A1,1 0 0,1 14,20H10A1,1 0 0,1 9,19V17.2C7.21,16.16 6,14.22 6,12A6,6 0 0,1 12,6M14,21V22A1,1 0 0,1 13,23H11A1,1 0 0,1 10,22V21H14M11,18H13V15.87C14.73,15.43 16,13.86 16,12A4,4 0 0,0 12,8A4,4 0 0,0 8,12C8,13.86 9.27,15.43 11,15.87V18Z" /></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 16V4H8V16M22 16C22 17.1 21.1 18 20 18H8C6.9 18 6 17.1 6 16V4C6 2.9 6.9 2 8 2H20C21.1 2 22 2.9 22 4M16 20V22H4C2.9 22 2 21.1 2 20V7H4V20M16 11H18V14H16M13 6H15V14H13M10 8H12V14H10Z" /></svg>

share/icons/application/scalable/actions/totp-invalid.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M14.47 15.08L11 13V7H12.5V12.25L15.58 14.08C15.17 14.36 14.79 14.7 14.47 15.08M13.08 19.92C12.72 19.97 12.37 20 12 20C7.58 20 4 16.42 4 12S7.58 4 12 4 20 7.58 20 12C20 12.37 19.97 12.72 19.92 13.08C20.61 13.18 21.25 13.4 21.84 13.72C21.94 13.16 22 12.59 22 12C22 6.5 17.5 2 12 2S2 6.5 2 12C2 17.5 6.47 22 12 22C12.59 22 13.16 21.94 13.72 21.84C13.4 21.25 13.18 20.61 13.08 19.92M21.12 15.46L19 17.59L16.88 15.47L15.47 16.88L17.59 19L15.47 21.12L16.88 22.54L19 20.41L21.12 22.54L22.54 21.12L20.41 19L22.54 16.88L21.12 15.46Z" /></svg>

share/icons/application/scalable/actions/yubikey-refresh.svg

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <g transform="matrix(0.722673,-0.722673,0.722673,0.722673,-9.84661,10.66)">
+        <path d="M6.086,22.736C3.148,21.904 1,19.206 1,16C1,14.07 1.78,12.32 3.05,11.05L9.77,4.33L11.288,5.868L15.078,2.078C15.258,1.898 15.508,1.788 15.788,1.788C16.068,1.788 16.318,1.898 16.498,2.078L21.919,7.502L21.919,7.512C22.059,7.682 22.139,7.902 22.139,8.142C22.139,8.442 22.009,8.712 21.799,8.902L18.069,12.642L19.67,14.23L18.255,15.645L9.77,7.16L4.46,12.46C3.56,13.37 3,14.62 3,16C3,18.186 4.405,20.046 6.361,20.725C6.182,21.382 6.09,22.059 6.086,22.736ZM7.133,18.873C5.897,18.502 5,17.358 5,16C5,14.34 6.34,13 8,13C9.505,13 10.747,14.102 10.966,15.545C10.021,15.925 9.136,16.499 8.371,17.264C7.879,17.756 7.466,18.298 7.133,18.873ZM20.35,8.046L15.859,3.553L12.431,7.001L16.901,11.484L20.35,8.046ZM8,15C7.45,15 7,15.45 7,16C7,16.55 7.45,17 8,17C8.55,17 9,16.55 9,16C9,15.45 8.55,15 8,15Z"/>
+    </g>
+    <g transform="matrix(0.832215,6.28971e-17,-6.28971e-17,0.832215,6.96368,6.76821)">
+        <path d="M17.65,6.35C16.2,4.9 14.21,4 12,4C7.611,4 4,7.611 4,12C4,16.389 7.611,20 12,20C15.73,20 18.84,17.45 19.73,14L17.65,14C16.83,16.33 14.61,18 12,18C8.708,18 6,15.292 6,12C6,8.708 8.708,6 12,6C13.66,6 15.14,6.69 16.22,7.78L13,11L20,11L20,4L17.65,6.35Z" style="fill-rule:nonzero;"/>
+    </g>
+</svg>

share/icons/icons.qrc

@@ -6,18 +6,22 @@
         <file>application/256x256/apps/keepassxc.png</file>
 
         <file>application/scalable/actions/application-exit.svg</file>
+        <file>application/scalable/actions/arrow-collapse-down.svg</file>
         <file>application/scalable/actions/attributes-copy.svg</file>
         <file>application/scalable/actions/auto-type.svg</file>
+        <file>application/scalable/actions/bitwarden.svg</file>
         <file>application/scalable/actions/bugreport.svg</file>
         <file>application/scalable/actions/chevron-double-down.svg</file>
         <file>application/scalable/actions/chevron-double-right.svg</file>
         <file>application/scalable/actions/clipboard-text.svg</file>
         <file>application/scalable/actions/configure.svg</file>
+        <file>application/scalable/actions/csv.svg</file>
         <file>application/scalable/actions/database-change-key.svg</file>
         <file>application/scalable/actions/database-lock.svg</file>
         <file>application/scalable/actions/database-lock-all.svg</file>
         <file>application/scalable/actions/database-merge.svg</file>
         <file>application/scalable/actions/database-search.svg</file>
+        <file>application/scalable/actions/database-settings.svg</file>
         <file>application/scalable/actions/dialog-close.svg</file>
         <file>application/scalable/actions/dialog-ok.svg</file>
         <file>application/scalable/actions/document-close.svg</file>
@@ -36,6 +40,7 @@
         <file>application/scalable/actions/edit-clear-locationbar-rtl.svg</file>
         <file>application/scalable/actions/entry-clone.svg</file>
         <file>application/scalable/actions/entry-delete.svg</file>
+        <file>application/scalable/actions/entry-expire.svg</file>
         <file>application/scalable/actions/entry-restore.svg</file>
         <file>application/scalable/actions/entry-edit.svg</file>
         <file>application/scalable/actions/entry-new.svg</file>
@@ -53,16 +58,22 @@
         <file>application/scalable/actions/hibp.svg</file>
         <file>application/scalable/actions/lock-question.svg</file>
         <file>application/scalable/actions/keyboard-shortcuts.svg</file>
+        <file>application/scalable/actions/lock.svg</file>
+        <file>application/scalable/actions/lock-open.svg</file>
+        <file>application/scalable/actions/lock-open-alert.svg</file>
         <file>application/scalable/actions/message-close.svg</file>
         <file>application/scalable/actions/move-down.svg</file>
         <file>application/scalable/actions/move-up.svg</file>
         <file>application/scalable/actions/object-locked.svg</file>
         <file>application/scalable/actions/object-unlocked.svg</file>
+        <file>application/scalable/actions/onepassword.svg</file>
         <file>application/scalable/actions/paperclip.svg</file>
+        <file>application/scalable/actions/passkey.svg</file>
         <file>application/scalable/actions/password-copy.svg</file>
         <file>application/scalable/actions/password-generator.svg</file>
         <file>application/scalable/actions/password-show-off.svg</file>
         <file>application/scalable/actions/password-show-on.svg</file>
+        <file>application/scalable/actions/proton.svg</file>
         <file>application/scalable/actions/qrcode.svg</file>
         <file>application/scalable/actions/refresh.svg</file>
         <file>application/scalable/actions/reports.svg</file>
@@ -80,12 +91,14 @@
         <file>application/scalable/actions/totp-copy.svg</file>
         <file>application/scalable/actions/totp-copy-password.svg</file>
         <file>application/scalable/actions/totp-edit.svg</file>
+        <file>application/scalable/actions/totp-invalid.svg</file>
         <file>application/scalable/actions/trash.svg</file>
         <file>application/scalable/actions/url-copy.svg</file>
         <file>application/scalable/actions/user-guide.svg</file>
         <file>application/scalable/actions/username-copy.svg</file>
         <file>application/scalable/actions/view-history.svg</file>
         <file>application/scalable/actions/web.svg</file>
+        <file>application/scalable/actions/yubikey-refresh.svg</file>
         <file>application/scalable/apps/freedesktop.svg</file>
         <file>application/scalable/apps/internet-web-browser.svg</file>
         <file>application/scalable/apps/keepassxc.svg</file>

share/linux/appimage-apprun.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+export PATH="$(dirname $0)/usr/bin:${PATH}"
+
+if [ "$1" == "cli" ] || [ "$(basename "$ARGV0")" == "keepassxc-cli" ] || [ "$(basename "$ARGV0")" == "keepassxc-cli.AppImage" ]; then
+    [ "$1" == "cli" ] && shift
+    exec keepassxc-cli "$@"
+elif  [ "$1" == "proxy" ] || [ "$(basename "$ARGV0")" == "keepassxc-proxy" ] || [ "$(basename "$ARGV0")" == "keepassxc-proxy.AppImage" ]; then
+    [ "$1" == "proxy" ] && shift
+    exec keepassxc-proxy "$@"
+elif [ -v CHROME_WRAPPER ] || [ -v MOZ_LAUNCHED_CHILD ] || [ "$2" == "keepassxc-browser@keepassxc.org" ]; then
+    exec keepassxc-proxy "$@"
+else
+    exec keepassxc "$@"
+fi