KeePassXC as the System Keyring
Description
It is possible to use KeePassXC as the system keyring.
The following requires KeePassXC 2.5.0 or later.
Configure
- Stop gnome-keyring if it's installed. List the matching processes, then kill the gnome-keyring PID that is reported:
pgrep -l gnome
kill <pid>
- Create a new group in the database that will hold the passwords used for the keyring
- Tools > Settings > Secret Service Integration > Enable KeePassXC Freedesktop.org Secret Service integration
- Database > Database Settings > Secret Service Integration > Expose entries under this group: select the new group
Disable gnome-keyring
Create 3 .desktop files and place them in ~/.config/autostart:
- gnome-keyring-pkcs11.desktop:
[Desktop Entry]
Hidden=true
- gnome-keyring-secrets.desktop:
[Desktop Entry]
Hidden=true
- gnome-keyring-ssh.desktop:
[Desktop Entry]
Hidden=true
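The masking step above as a script, added here as an example and not part of the original page. It assumes the system-wide entries live in /etc/xdg/autostart (a user file of the same name overrides them); the function names mask_gnome_keyring and count_masked are made up for illustration.

```shell
#!/bin/sh
# Added example: mask gnome-keyring's autostart entries for the current user.
# Hidden=true in a same-named user file makes the session treat the entry as removed.

# Entry names as listed on this page.
ENTRIES="gnome-keyring-pkcs11 gnome-keyring-secrets gnome-keyring-ssh"

# mask_gnome_keyring [USER_DIR] [SYSTEM_DIR]
# Writes one override per entry into USER_DIR.
# Prints a note for any entry with no counterpart in SYSTEM_DIR (assumed
# default: /etc/xdg/autostart); the override is then a harmless no-op.
# Returns 1 if an existing user file without Hidden=true was left untouched.
mask_gnome_keyring() {
    user_dir=${1:-${XDG_CONFIG_HOME:-$HOME/.config}/autostart}
    system_dir=${2:-/etc/xdg/autostart}
    rc=0
    mkdir -p "$user_dir" || return 2
    for name in $ENTRIES; do
        target=$user_dir/$name.desktop
        # Do not clobber a file someone customised by hand.
        if [ -e "$target" ] && ! grep -qx 'Hidden=true' "$target"; then
            echo "skip: $target exists without Hidden=true; review it by hand" >&2
            rc=1
            continue
        fi
        printf '[Desktop Entry]\nHidden=true\n' > "$target" || return 2
        [ -e "$system_dir/$name.desktop" ] ||
            echo "note: no $name.desktop in $system_dir" >&2
    done
    return $rc
}

# count_masked [USER_DIR]
# Prints how many of the entries currently carry Hidden=true.
count_masked() {
    user_dir=${1:-${XDG_CONFIG_HOME:-$HOME/.config}/autostart}
    n=0
    for name in $ENTRIES; do
        grep -qx 'Hidden=true' "$user_dir/$name.desktop" 2>/dev/null && n=$((n + 1))
    done
    echo "$n"
}

# Typical use: mask_gnome_keyring && count_masked
```

A result of 3 from count_masked means all three components are masked; the change takes effect at the next login.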
Accessing Entries
- Using secret-tool
- Using keyring
Entries
There are different fields that are stored in the Advanced > Attributes section of each entry.
You can create your own key:value pairs for easier access and searching of specific entries.
Here are a couple of examples:
Nextcloud Desktop
General
Title: Nextcloud Desktop
Username: username
Password: *******
URL: https://path.to.nextcloud
Advanced
Type: Password
Use: Saved password or login
server: Nextcloud
type: plaintext
user: username:https://path.to.nextcloud/:0
Thunar
You can configure access to remote filesystems for browsing in Thunar.
General
- The double // is not a typo.
- The password field should contain the password for the ssh key.
Title: username@hostname//home/username/.ssh/key
Username: username
Password: ********
Advanced
authtype: publickey
object: /home/username/.ssh/key
protocol: sftp
server: hostname
user: username
xdg:schema: org.gnome.keyring.NetworkPassword
keyring entries
Entries created with keyring have the following attributes:
General
Title: Password for 'username' on 'service'
Username: username
Password: ********
Advanced
application: Python keyring library
service: twitter
username: username
Suggestions
- I would recommend creating (at minimum) the following attributes every time for each entry:
secret-tool store --label='My Label' service <service> username <username>
- This way, it will be available to python3-keyring as well.
Links
linux/security/keyring/keepassxc-keyring.txt · Last modified: 2021/11/09 01:10 by chuck