Skip to content

YubiKey Challenge response fails in windows for Keepassxc #4935

Open
Open
YubiKey Challenge response fails in windows for Keepassxc#4935
Labels
supportSupport request
@ghorsey

Description

@ghorsey
ghorsey
opened on Mar 2, 2026

Describe the bug

I have a keepass database that has a master password and a yubikey challenge response configured (without requireing a touch).

I am able to run chezmoi apply on linux without any issue.
When I run chezmoi apply on windows I get the following error:

chezmoi: : template: :21:13: executing ".tmpl" at <keepassxc "">: error calling keepassxc: unsupported

On windows I can execute keepassxc-cli show --attributes Password ***\creds.kdbx **** -y 1 without any errors.

To reproduce

Steps to reproduce the behavior.

  1. configure a yubi key support challenge response that does not require a touch input
  2. create a keepass database that uses a master password and the yubi key challenge
  3. Create a keepass entry with a password.
  4. Reference the keepass entry in a config file.
  5. Create a chezmoi config:
[keepassxc]
  database = "{{path to db}}/creds.kdbx"
  args = [ "-y", "1" ]
  mode = "open"
  1. Plug in the yubi key (with the touchless response in slot 1
  2. Execute chezmoi apply## Expected behavior

Expected Output

Similar behavior to linux:

  1. Chezmoi prompts for the password
  2. the process completes successfully

Output of command with the --verbose flag

$ chezmoi --verbose apply
chezmoi: ***: template: ***.tmpl:21:13: executing "***.tmpl" at <keepassxc "***">: error calling keepassxc: unsupported

Output of chezmoi doctor

Details 
$ chezmoi doctor
RESULT    CHECK                       MESSAGE
ok        version                     v2.69.4, commit c4c669c9f2f329233a85802014d26fba3c58a4a4, built at 2026-02-11T08:59:37Z, built by goreleaser
ok        latest-version              v2.69.4
ok        os-arch                     windows/amd64
ok        systeminfo                  Microsoft Windows 11 Enterprise (10.0.26200 N/A Build 26200)
ok        go-version                  go1.25.7 (gc)
ok        executable                  ~/AppData/Local/Microsoft/WinGet/Packages/twpayne.chezmoi_Microsoft.Winget.Source_8wekyb3d8bbwe/chezmoi.exe
ok        upgrade-method              winget-upgrade
ok        config-file                 found ~/.config/chezmoi/chezmoi.toml, last modified 2026-03-02T12:22:24-08:00
ok        source-dir                  ~/.local/share/chezmoi is a git working tree (clean)
warning   suspicious-entries          ~/.local/share/chezmoi/dot_config/chezmoi/chezmoi.toml.tmpl
ok        working-tree                ~/.local/share/chezmoi is a git working tree (clean)
ok        dest-dir                    ~ is a directory
ok        symlink                     created symlink from .new-name to .old-name
ok        cd-command                  found C:/WINDOWS/system32/cmd.exe
ok        cd-args                     'C:\\WINDOWS\\system32\\cmd.exe'
info      diff-command                not set
ok        edit-command                found C:/WINDOWS/system32/notepad.exe
ok        edit-args                   'C:\\WINDOWS\\system32\\notepad.exe'
ok        git-command                 found C:/Program Files/Git/cmd/git.exe, version 2.53.0
warning   merge-command               vimdiff not found in $PATH
ok        shell-command               found C:/WINDOWS/system32/cmd.exe
ok        shell-args                  'C:\\WINDOWS\\system32\\cmd.exe'
info      age-command                 age not found in $PATH
info      gpg-command                 gpg not found in $PATH
info      pinentry-command            not set
info      1password-command           op not found in $PATH
info      bitwarden-command           bw not found in $PATH
info      bitwarden-secrets-command   bws not found in $PATH
info      dashlane-command            dcli not found in $PATH
info      doppler-command             doppler not found in $PATH
info      gopass-command              gopass not found in $PATH
ok        keepassxc-command           found C:/Program Files/KeePassXC/keepassxc-cli.exe, version 2.7.11
ok        keepassxc-db                ~/.config/creds.kdbx is a file
info      keeper-command              keeper not found in $PATH
info      lastpass-command            lpass not found in $PATH
info      pass-command                pass not found in $PATH
info      passhole-command            ph not found in $PATH
info      protonpass-command          pass-cli not found in $PATH
info      rbw-command                 rbw not found in $PATH
info      vault-command               vault not found in $PATH
info      secret-command              not set

Additional context

Add any other context about the problem here.

Metadata

Metadata

Assignees

No one assigned

    Labels

    supportSupport request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions