Keepassxc: Integrate libsecret to enable access to GNOME or KDE keyring
libsecret is a GNU/Linux library used to access the GNOME or KDE keyring, including passwords, SSH keys, GPG certificates and more. Given that KeePassXC stores similar data (passwords), would libsecret integration offer any benefits? Or are the goals of a keyring and a password manager distinct?
- KeePassXC treats the system keyring as a KeePass database via libsecret
- The system treats a KeePassXC database as a keyring via libsecret
- Master passwords for KeePassXC databases are stored in the system keyring, allowing for invisible unlocking when the user is logged in
- ...something else?
lofidevops
All 14 comments
I had something like this in mind already. I'll see how we can integration OS keyrings and KeePassXC in the best possible way. We already have ssh-agent integration on the agenda.
phoerious
on 29 Mar 2017
Not sure if the following pull request would be worth looking at:
https://github.com/keepassx/keepassx/pull/159
I am not sure that what you have described above is supported in it.
UPDATE: it supports only storing the database master key in the system keyring
bugzy
on 29 Mar 2017
Yes!
I would find useful both
a) auto-opening if the master key for that file is in the keyring
(note: would need to store it based on database full path, which is fragile. It would require a UI for storing the master password there, too)
b) fetching passwords stored in Keepassxc through libsecret
(would likely need some mapping to determine the keepass location of key foo. This could be done by launching a dialog on first use by the app that instead of requesting the password requests the entry -potentially created at that time-)
Keisial
on 30 Mar 2017
I came here with the exact same question.
I'd like the database be able to opened automatically with an unlocked gnome-keyring.
eNTi
on 10 Apr 2017
I am looking for the same feature. In the past I've worked with several workarounds, but i would prefer a clean solution.
eppelmania
on 20 Apr 2017
Yeah, good idea. See https://github.com/keepassxreboot/keepassxc/issues/753 for my use case/explanation.
rugk
on 6 Jul 2017
Moving my comment from #1109:
On linux: What is a system keyring? GNOME Keyring and KWallet are system keyrings. For standardization purposes, they both implement the Secret Service API, which is a DBus based API.
The meat of it:
- The secret service handles secure storage of secrets at rest
- The service is able to open sessions over DBus
- In sessions, clients are able to securely ask and receive secrets
- The service may require items to be unlocked before being accessed.
If KeepassXC wanted to implement this, most of the work would be in adapting it to the DBus API, as its model is already essentially fully implemented. It would also probably be worth keeping separate to the KeepassXC core (some kind of plugin? Enable on demand?).
Another hard bit to answer for would be: How do items map to the ones advertised by the system keyring? Maybe they don't, maybe there's a special database (or table in an existing database) for the system stuff.
jleclanche
on 22 Oct 2017
For those merely looking to open keepassxc with kwallet, there is a small tutorial here:
https://blog.nixserve.net/auto-unlocking-keepass-database-on-plasma-5-desktop-login/
bugzy
on 12 Jan 2018
It seems like the answer to the original, broad question is, yes, each of these use cases is feasible and in-scope for this KeePassXC:
- Access and modify libsecret keyrings with KPXC interface
- Make KPXC databases accessible via libsecret/DBus
- Store KXPC passwords in (libsecret) system keyring
- Unlock KXPC databases on login (using 3)
These use cases are each quite different though, so I'm not sure they can be tracked in a single ticket. I'm happy to close this one and create individual tickets for each user story?
lofidevops
on 15 Jan 2018
I think that point n.3 stands for storing database's password into the
system keyring. So on logon kpxc can read it and autounlock the database
(point 4)
Il 15 gen 2018 2:44 PM, "eNTi" notifications@github.com ha scritto:
i don't see the point in 3. and how it relates to 4.?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/keepassxreboot/keepassxc/issues/440#issuecomment-357686575,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AGNElp2z_zn7dmbCn4zG9xclg-_0VGTfks5tK1YrgaJpZM4Ms3NX
.
TheElixZammuto
on 15 Jan 2018
From my point of view it would be invaluable cool if keepassxc can completely replace KWallet replicating its DBus API or/and API of sercret-service. It seems that KWallet is stagnating quite a while (correct me KDE gurus if I'm wrong). So KXPC could become its drop-in replacement.
Regarding p.3 there is qtkeychain library that might be useful. I picked it up form aforementioned tread.
kolya-ay
on 17 Jan 2018
Created tickets as described:
- #1402 Access system keyring data from KPXC UI
- #1403 Access KPXC data from system keyring UI
- #1404 Store KPXC unlock passphrases in system keyring
- #1405 Given #1404, support autounlocking on login (including programmatic access)
lofidevops
on 19 Jan 2018
In which of this issues would implementing org.freedesktop.secrets so that application using libsecret could store and retrieve password within KPXC?
ArchangeGabriel
on 4 Mar 2018
That'd be #1403.
jleclanche
on 4 Mar 2018
Related issues
bleepnetworks
·
3Comments
lostfictions
·
3Comments
2tbwXj46BDbdNBRV79DS
·
3Comments
shaneknysh
·
3Comments
Throne3d
·
3Comments
Most helpful comment
I had something like this in mind already. I'll see how we can integration OS keyrings and KeePassXC in the best possible way. We already have ssh-agent integration on the agenda.