diff --git a/README.md b/README.md
index 341ea66..c39582f 100644
--- a/README.md
+++ b/README.md
@@ -131,4 +131,17 @@ Status: one-off
 
 Dependencies: apparmor
 
-Usage: `sync-apparmor.py <src> <dst>`
\ No newline at end of file
+Usage: `sync-apparmor.py <src> <dst>`
+
+
+## try-luks-from-kdbx.py
+Retrieve known password for a LUKS volume from a KeePass DB.
+
+For those moments when you forget the name of or
+mislabel your DB entry.
+
+Status: one-off
+
+Dependencies: pykeepass
+
+Usage: `try-luks-from-kdbx.py /path/to/kdbx /path/to/block-device`
\ No newline at end of file
diff --git a/try-luks-from-kdbx.py b/try-luks-from-kdbx.py
new file mode 100755
index 0000000..fa5dc72
--- /dev/null
+++ b/try-luks-from-kdbx.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+
+import getpass
+import subprocess
+import sys
+
+from pykeepass import PyKeePass
+
+if len(sys.argv) < 3:
+	print(f'Usage: {sys.argv[0]} /path/to/kdbx /path/to/block-device\n')
+
+pwd = getpass.getpass('Enter database password:\n')
+kp = PyKeePass(sys.argv[1], password=pwd)
+cmd = ['cryptsetup', 'open', '--test-passphrase', sys.argv[2]]
+for entry in kp.entries:
+	res = subprocess.run(
+		cmd,
+		stdout=subprocess.DEVNULL,
+		stderr=subprocess.DEVNULL,
+		input=entry.password.encode()  # input accepts bytes, not str
+		)
+	if res.returncode == 0:
+		print(f'Password found: {entry.title}\npw: {entry.password}')
+		break
+	else:
+		print(f'Entry "{entry.title}" not a match')