Command Line Arguments
Invoking Password Safe with no arguments will cause the application to prompt you for the
master password of the last database that was opened, or for the
master password of a new database if none was previously opened on
your machine (e.g., the first time you use Password Safe).
It is, however, possible to modify this by invoking Password Safe as
follows:
- pwsafe database
This will open the specified database file, instead of the last one
opened. If just a filename is
given, without a path, it will be searched for in the directory in which the
application was invoked. Note that if the filename and/or path has
spaces, it should be enclosed in double quotes.
- pwsafe -r [database]
This will open the specified database in read-only mode. If a database is not
specified, then the application will prompt the user for a
database, which will be opened in read-only mode.
- pwsafe -e filename
This will prompt the user for a passphrase, and encrypt the file with a
key derived from the passphrase. Note: The file can
be any file. The encrypted file will have the same
name as the original file, with ".PSF" appended to it.
- pwsafe -d filename
This will prompt the user for a passphrase, and decrypt the file with a
key derived from the passphrase. Note: This will
work only on files that were encrypted by invoking pwsafe with the '-e'
option (see above).
- pwsafe -c
This will start the application closed, that is, with no
database, and without the initial opening dialog. To access a database,
use the File menu.
- pwsafe -s [database]
This will start the application "silently", that is,
minimized and with no database (unless one is specified). When the application
is restored, the user is presented with the opening dialog box. This option
is meant for starting the application upon login, via a shortcut in the user's
Startup folder. Note: This implicitly puts the application in the system tray.
- pwsafe -m
This is the same as the '-c' option, with the addition that the application
is started as minimized.
In addition, the following options are accepted and may be useful if you wish to
share the same preferences across several machines, for example,
when running Password Safe from a disk-on-key.
- -u username
This will cause the application to read and write preferences under the specified
username, instead of under the login name.
- -h hostname
This will cause the application to read and write preferences under the specified
hostname, instead of under the machine's name.
- -g config_file
This will cause the specified file to be used for loading and storing preferences,
instead of the default pwsafe.cfg. If just a filename is given, without a path,
it will be searched for in the directory in which the application was invoked
unless overridden by the PWS_PREFSDIR environment variable (see its description
in the Preferences Section). Note that if the filename
and/or path has spaces, it should be enclosed in double quotes.
Note: As the configuration file uses XML, the username and hostname must satisfy the
XML standards:
- The first character must be alphanumeric. If not, a "u" will be prefixed to the username
and an "h" will be prefixed to the hostname as appropriate.
- They must only contain alphanumeric characters or one or more of the underscore, hyphen,
colon or full stop characters ("_-:."). If other characters are present, they will be replaced by the
underscore ("_").
Finally, there are some special command line flags beginning with "--". They are:
- --do-tall, --do-wide, --do-auto
By default, Password Safe will check the screen dimensions and choose tall or wide versions of the larger dialog screens. Specifying --do-tall or --do-wide forces the choice, and --do-auto resets the system to use its internal logic. Note that this sets a preference, so it's enough to use this flag once on a given machine.
- --novalidate
This will prevent Password Safe from automatically validating databases when they are
opened. Some validation is always required, e.g., uniqueness of the entry's ID and the
group/title/username combination.
- --allow-screen-capture
As described in the Security Tab page, Password Safe by default hides itself from Windows' screen capture function (on Windows 10 Version 2004 and later).
However, some programs, such as remote desktop viewers and screen readers for the visually impaired, rely on the screen capture capability to function. If you're using such programs on a regular basis, you can disable this protection by starting Password Safe
with this command line flag.
To protect against an adversary surreptitiously adding this flag, Password Safe displays a short notice when starting, informing you that the option has been set.
In addition, the "Capture Protection" indicator in the opening and main windows will be in red.
This feature can also be silently disabled at installation/setup time, either by clearing the screen capture protection checkbox in the exe (NSIS) Choose Components window,
or by passing SCREENCAPTUREPROTECTION=False as an argument to the msiexec command, e.g., msiexec /i <pwsafe_msi_path> SCREENCAPTUREPROTECTION=False. When the feature is
disabled this way, the status icon will be gray, with a tooltip indicating that the feature was disabled at setup. This is implemented via a registry key (HKLM\Software\Password Safe\Admin\ScreenCaptureProtection) that requires admin privilege to write
but is readable by all users. Specifically, setting the key to a value of zero disables the feature.
- --testdump
This allows testers to verify that a mini-dump is produced when Password Safe has
a problem; the mini-dump helps developers resolve the issue.
- --cetreeview
A new feature allows two entries to be selected and compared either via the Edit menu or
by right-clicking on either. Selecting more than one entry is natively supported
in the List view but not in the Tree view. This flag enables "Compare Entries"
in the Tree view via an extra dialog to select the "other" entry. Supporting
multiple selection in the Tree view is under development. Once supported,
this flag will be ignored.
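A defender-side check for the two ways described above of turning screen capture protection off (the --allow-screen-capture flag and the setup-time registry setting), added here as an example and not part of Password Safe or its documentation. It assumes that ScreenCaptureProtection is a value under the Admin key, that the executable is named pwsafe.exe, and that a 32-bit install on 64-bit Windows would appear under WOW6432Node.

```powershell
# Added example, not Password Safe's own code.
# Assumptions: ScreenCaptureProtection is a value under the ...\Admin key; the
# executable is pwsafe.exe; WOW6432Node covers a 32-bit install on 64-bit Windows.
$Flag = '--allow-screen-capture'

function Get-PwsafeSetupCaptureState {
    # A value of zero means the protection was disabled at setup (per the page).
    $keys = 'HKLM:\Software\Password Safe\Admin',
            'HKLM:\Software\WOW6432Node\Password Safe\Admin'
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name 'ScreenCaptureProtection' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            [pscustomobject]@{
                Key             = $key
                Value           = $item.ScreenCaptureProtection
                DisabledAtSetup = ($item.ScreenCaptureProtection -eq 0)
            }
        }
    }
}

function Find-PwsafeCaptureFlagShortcuts {
    # Shortcuts in startup, desktop and Start menu folders that launch pwsafe with the flag.
    $names = 'Startup', 'CommonStartup', 'DesktopDirectory',
             'CommonDesktopDirectory', 'Programs', 'CommonPrograms'
    $folders = $names | ForEach-Object { [Environment]::GetFolderPath($_) } |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    if (-not $folders) { return }
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.TargetPath -like '*pwsafe*' -and $lnk.Arguments -like "*$Flag*") {
                [pscustomobject]@{ Shortcut = $_.FullName; Arguments = $lnk.Arguments }
            }
        }
}

function Find-PwsafeCaptureFlagProcesses {
    # Running instances whose command line carries the flag.
    Get-CimInstance Win32_Process -Filter "Name = 'pwsafe.exe'" |
        Where-Object { $_.CommandLine -like "*$Flag*" } |
        Select-Object ProcessId, CommandLine
}

Get-PwsafeSetupCaptureState      | Format-List
Find-PwsafeCaptureFlagShortcuts  | Format-List
Find-PwsafeCaptureFlagProcesses  | Format-List
```

Empty output from all three functions means none of the checked locations shows the protection turned off; the command lines of processes owned by other users are only visible from an elevated session.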