Connecting Zen or other Firebox based Browsers with KeepassXC (Flatpak)

fix.md

How to fix the connection between Firefox Based browsers (like Zen) and KeepassXC (both installed via flatpak)

Credits to this comment i found: keepassxreboot/keepassxc#7352 (comment)
Sadly this only works for firefox but not firefox based browsers like Zen

So after literally live debugging the source code of zen here is the fix (technical explanation further down):

TL;DR:

Please skip the parts you already did if you already followed the linked comment at the top
Please also make sure to replace YOUR_USER with your username (echo $USER) and all zen related names with the ones from your browser in the following instructions

1. Make sure your firefox based browser and keepass are installed and closed
2. Create a file under /home/YOUR_USER/.var/app/app.zen_browser.zen/.zen/native-messaging-hosts/ (zen as example - please replace with flatpak app id and browser name) called org.keepassxc.keepassxc_browser.json
3. Paste following content into it:

{
    "allowed_extensions": [
        "keepassxc-browser@keepassxc.org"
    ],
    "description": "KeePassXC integration with native messaging support",
    "name": "org.keepassxc.keepassxc_browser",
    "path": "/home/YOUR_USER/.mozilla/native-messaging-hosts/keepassxc-proxy",
    "type": "stdio"
}

4. Make sure you have cargo/rust installed for the next step (try to run cargo if it fails run curl https://sh.rustup.rs -sSf | sh)
5. Execute following commands one after the other to build the keepass proxy (rust):

git clone https://github.com/varjolintu/keepassxc-proxy-rust.git
cd keepassxc-proxy-rust
cargo build --release

6. Wait for it to build and copy the newly created binary to the native-messaging-hosts dir:

cp ./target/release/keepassxc-proxy /home/YOUR_USER/.var/app/app.zen_browser.zen/.zen/native-messaging-hosts/keepassxc-proxy

7. Create a symlink folder under /home/YOUR_USERNAME/.mozilla that points to the .zen folder of your flatpak installation which is normally located at /home/YOUR_USERNAME/.var/app/app.zen_browser.zen/.zen:

ln -s /home/YOUR_USERNAME/.var/app/app.zen_browser.zen/.zen /home/YOUR_USERNAME/.mozilla

8. Give your browsers flatpak sandbox access to this symlink and the keepass socket (run with sudo for system wide installation):

flatpak override --user --filesystem=~/.mozilla app.zen_browser.zen
flatpak override --user --filesystem=xdg-run/app/org.keepassxc.KeePassXC/:create app.zen_browser.zen

9. Open up KeepassXC and go into Settings > Browser Integration > Advanced and disable "Update native messaging manifest files at startup" as this will overwrite the native messaging host path for our keepass proxy file and thus breaking the whole setup on restart.

Please be aware that this can break other Installations or Browsers especially if they are installed after KeepassXC. In that case just try to find the native messaging hosts files/folder of the affected Browser and change the path to the keepass proxy by hand. As long as the path doesnt change the browser should be good!

10. Thats it! Now you should be able to open keypass (dont forget to open a db and also activate browser extension in settings) and then open zen to connect the extension. Maybe also reboot maybe dont idk. If you have problems you can write me on discord. My tag is deadlinecode

Technical (boring) stuff

No matter the rebranding of the firefox browser it will still try to search the .mozilla directory for the native-messaging-hosts Normally in the flatpak sandbox a symlink is available from ~/.zen to ~/.var/app/app.zen_browser.zen/.zen. On normal firefox it wouldn't be called .zen but rather .mozilla. Thats why you can...

Troubleshoot

Try running flatpak run --command=sh app.zen_browser.zen to access the sandbox via a shell. You can use this shell to see if you setup the folders correctly (you should be able to cd into ~/.mozilla/native-messaging-hosts/ and see both files json and binary).

You can also use the Browser Console in Zen (Top Right Three Dots -> More tools -> Browser Console) to see if you get any errors on startup or when clicking the refresh button in the KeepassXC Extension. (Something like "No such native extension: org.keepassxc.keepassxc_browser")

And like i said: If you have problems you can write me on discord. My tag is deadlinecode. Or just write under this gist :)

THANK YOU! The only fixed that worked for my flatpak floorp setup. I did give up and tried using their ppa, but its outdated as sh*t. Thank god flatpak did not nuke my user settings after I uninstalled Floorp. Thank you again.

THANK YOU! The only fixed that worked for my flatpak floorp setup. I did give up and tried using their ppa, but its outdated as sh*t. Thank god flatpak did not nuke my user settings after I uninstalled Floorp. Thank you again.

Spoke too soon. After reboot keepass keeps overwriting native-messaging-hosts file for the keepass extension. After changing the owner and file permissions for the file keepassxc displays the error that it could not save the script and the file disappears. Trying to fiddle with custom browser configuration path in "Browser Intergration" -> "Advanced"

What worked for me is to untick "Update native messaging manifest files at startup" in "Browser Integration" > "Advanced". I don't know how this is gonna behave with multiple browsers. It survives the startup of KeePassXC and that's all I need.

Happy i could help somehow
And yeah forgot to add the step with disabling the proxy overwrite thing
Will add thx for the feedback <3