diff --git a/borgmatic/hooks/credential/keepassxc.py b/borgmatic/hooks/credential/keepassxc.py
index 0cb9ad12d..e3799da96 100644
--- a/borgmatic/hooks/credential/keepassxc.py
+++ b/borgmatic/hooks/credential/keepassxc.py
@@ -25,29 +25,16 @@ def load_credential(hook_config, config, credential_parameters):
     if not os.path.exists(expanded_database_path):
         raise ValueError( f'KeePassXC database path does not exist: {database_path}')
     
-    # Retrieve key file and Yubikey options from config
-    key_file = hook_config.get('key_file')
-    yubikey = hook_config.get('yubikey')
-    
+     
     # Build the keepassxc-cli command
     command = (
         tuple(shlex.split((hook_config or {}).get('keepassxc_cli_command', 'keepassxc-cli')))
-        + (
-            'show',
-            '--show-protected',
-            '--attributes',
-            'Password',
-            expanded_database_path,
-            attribute_name,
-        )
+        + ('show', '--show-protected', '--attributes', 'Password')  
+        + (('--key-file', hook_config['key_file']) if 'key_file' in hook_config else ())  
+        + (('--yubikey', hook_config['yubikey']) if 'yubikey' in hook_config else ())  
+        + (expanded_database_path, attribute_name)  # Ensure database & entry are last  
     )
     
-    if key_file:
-        command += ('--key-file', key_file)
-    
-    if yubikey:
-        command += ('--yubikey', yubikey)
-
     try:
         return borgmatic.execute.execute_command_and_capture_output(command).rstrip(os.linesep)
     except Exception as e:
diff --git a/tests/unit/hooks/credential/test_keepassxc.py b/tests/unit/hooks/credential/test_keepassxc.py
index 8b21cf08a..b3d013667 100644
--- a/tests/unit/hooks/credential/test_keepassxc.py
+++ b/tests/unit/hooks/credential/test_keepassxc.py
@@ -132,10 +132,10 @@ def test_load_credential_with_key_file():
             '--show-protected',
             '--attributes',
             'Password',
-            'database.kdbx',
-            'mypassword',
             '--key-file',
             '/path/to/keyfile',
+            'database.kdbx',
+            'mypassword',  
         )
     ).and_return(
         'password'
@@ -165,10 +165,10 @@ def test_load_credential_with_yubikey():
             '--show-protected',
             '--attributes',
             'Password',
-            'database.kdbx',
-            'mypassword',
             '--yubikey',
             '/path/to/yubikey',
+            'database.kdbx',
+            'mypassword',
         )
     ).and_return(
         'password'
@@ -198,12 +198,12 @@ def test_load_credential_with_key_file_and_yubikey():
             '--show-protected',
             '--attributes',
             'Password',
-            'database.kdbx',
-            'mypassword',
             '--key-file',
             '/path/to/keyfile',
             '--yubikey',
             '/path/to/yubikey',
+            'database.kdbx',
+            'mypassword',
         )
     ).and_return(
         'password'
@@ -216,4 +216,4 @@ def test_load_credential_with_key_file_and_yubikey():
             credential_parameters=('database.kdbx', 'mypassword'),
         )
         == 'password'
-    )
+    )
\ No newline at end of file