Fix KeePassXC error when "keepassxc:" option is not present, add new options to NEWS (#1047).

NEWS

@@ -22,6 +22,7 @@
    "working_directory" are used.
  * #1044: Fix an error in the systemd credential hook when the credential name contains a "."
    character.
+ * #1047: Add "key-file" and "yubikey" options to the KeePassXC credential hook.
  * #1048: Fix a "no such file or directory" error in ZFS, Btrfs, and LVM hooks with nested
    directories that reside on separate devices/filesystems.
  * #1050: Fix a failure in the "spot" check when the archive contains a symlink.

borgmatic/config/schema.yaml

@@ -2691,12 +2691,12 @@ properties:
             yubikey:
                 type: string
                 description: |
-                    YubiKey slot and optional serial number used to access the KeePassXC database.
-                    Format: "<slot[:serial]>", where:
-                     - <slot> is the YubiKey slot number (e.g., `1` or `2`).
-                     - <serial> (optional) is the YubiKey's serial number (e.g., `1:7370001`).
+                    YubiKey slot and optional serial number used to access the
+                    KeePassXC database. The format is "<slot[:serial]>", where:
+                     * <slot> is the YubiKey slot number (e.g., `1` or `2`).
+                     * <serial> (optional) is the YubiKey's serial number (e.g.,
+                       `7370001`).
                 example: "1:7370001"
-
         description: |
             Configuration for integration with the KeePassXC password manager.
     default_actions:

borgmatic/hooks/credential/keepassxc.py

@@ -18,24 +18,28 @@ def load_credential(hook_config, config, credential_parameters):
     try:
         (database_path, attribute_name) = credential_parameters
     except ValueError:
-        raise ValueError( f'Invalid KeePassXC credential parameters: {credential_parameters}')
+        raise ValueError(f'Invalid KeePassXC credential parameters: {credential_parameters}')
 
     expanded_database_path = os.path.expanduser(database_path)
 
     if not os.path.exists(expanded_database_path):
-        raise ValueError( f'KeePassXC database path does not exist: {database_path}')
-    
-     
-    # Build the keepassxc-cli command
+        raise ValueError(f'KeePassXC database path does not exist: {database_path}')
+
+    # Build the keepassxc-cli command.
     command = (
         tuple(shlex.split((hook_config or {}).get('keepassxc_cli_command', 'keepassxc-cli')))
-        + ('show', '--show-protected', '--attributes', 'Password')  
-        + (('--key-file', hook_config['key_file']) if 'key_file' in hook_config else ())  
-        + (('--yubikey', hook_config['yubikey']) if 'yubikey' in hook_config else ())  
-        + (expanded_database_path, attribute_name)  # Ensure database & entry are last  
+        + ('show', '--show-protected', '--attributes', 'Password')
+        + (
+            ('--key-file', hook_config['key_file'])
+            if hook_config and hook_config.get('key_file')
+            else ()
+        )
+        + (
+            ('--yubikey', hook_config['yubikey'])
+            if hook_config and hook_config.get('yubikey')
+            else ()
+        )
+        + (expanded_database_path, attribute_name)  # Ensure database and entry are last.
     )
-    
-    try:
-        return borgmatic.execute.execute_command_and_capture_output(command).rstrip(os.linesep)
-    except Exception as e:
-        raise ValueError(f'Failed to retrieve credential: {e}')
+
+    return borgmatic.execute.execute_command_and_capture_output(command).rstrip(os.linesep)

tests/unit/hooks/credential/test_keepassxc.py

@@ -135,7 +135,7 @@ def test_load_credential_with_key_file():
             '--key-file',
             '/path/to/keyfile',
             'database.kdbx',
-            'mypassword',  
+            'mypassword',
         )
     ).and_return(
         'password'
@@ -216,4 +216,4 @@ def test_load_credential_with_key_file_and_yubikey():
             credential_parameters=('database.kdbx', 'mypassword'),
         )
         == 'password'
-    )
+    )