Published 05. September 2024
Updated September 2025
Data security is a growing concern for organizations and individuals alike. With KeepTool 16.2, we’ve introduced an important upgrade to how passwords are stored: all saved passwords are now encrypted using AES-256, one of the most secure and modern encryption algorithms available.
This update ensures that sensitive connection data remains strongly protected — not just by the application itself, but by a user-defined master password.
In previous versions of KeepTool, saved database connection settings — including passwords — were stored in
%APPDATA%\KeepTool16\Projects\KTProjects.XML.
To make usage convenient, passwords were encrypted internally with a static, application-embedded key.
While this solution was effective and no security issues were ever reported, today’s standards demand user-controlled encryption with stronger cryptographic protection.
That’s why version 16.2 introduces the new KeyStore concept.
KeepTool now uses a KeyStore to manage password encryption. When you start version 16.2 for the first time, the application automatically detects whether you have previously saved passwords.
If so, it will prompt you to create a master password for your KeyStore. This password is used to protect your personal encryption key — ensuring that only you can decrypt stored passwords.
After entering your master password, KeepTool decrypts all existing saved passwords using the old method and re-encrypts them with AES-256 under the KeyStore. A backup copy of your previous configuration file (KTProjects.old) is created automatically.
When you next start KeepTool, you will be asked to enter your master password to unlock the KeyStore.
If you prefer convenience over strict security, you can check the option to save the master key locally, so you won’t have to enter it each time.
Otherwise, KeepTool will prompt for it whenever it needs to decrypt stored passwords.
In the connection dialog, the “Show password” button temporarily reveals the password for verification.
This feature works only while you hold the button, ensuring that passwords aren’t accidentally exposed.
You can manage your KeyStore anytime via Extras → Settings → KeyStore.
The following options are available:
Change master key – Update your master password.
Forget saved master key – Clear the stored key so you must enter it again next time.
Forget all saved passwords – Delete all stored passwords and start over.
If you forget your master password, KeepTool cannot recover it.
For security reasons, it’s not stored anywhere — and without it, your encrypted passwords cannot be decrypted.
However, your connection information (server name, username, etc.) remains intact, so you can re-enter passwords manually.
To make the most of KeepTool’s new security system:
Use a strong and unique master password — at least 12 characters, including numbers, symbols, and mixed case.
Do not save the master key on shared or unsecured systems.
Keep a secure offline backup of your master password.
When migrating between machines, copy both KTProjects.XML and KTProjects.old.
Periodically change your master password, especially after hardware or access changes.
With version 16.2, KeepTool adopts AES-256 encryption to safeguard stored passwords with cutting-edge cryptographic strength.
Your data remains protected even if someone gains access to your configuration files — only your master password can unlock them.
This improvement reflects our ongoing commitment to providing secure, user-friendly tools for database professionals.
KeepTool's Oracle tools are designed specifically for developers, DBAs, and support teams.
Based on over 25 years of experience, we continuously optimize our software to make your database analysis and documentation faster, more efficient, and clearer.