| Summary: | Passwords can only be stored in KWallet, not 3rd-party secret service compatible password managers | ||
|---|---|---|---|
| Product: | [Plasma] plasmashell | Reporter: | jf0918 |
| Component: | Networking in general | Assignee: | Plasma Bugs List <plasma-bugs-null> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | asn, auxsvr, jgrulich, kdelibs-bugs-null, khagebrand, m.kurz, mk.mateng, nate, nicolas.fella, sam |
| Priority: | NOR | ||
| Version First Reported In: | master | ||
| Target Milestone: | 1.0 | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | Frameworks 6.14 | |
| Sentry Crash Report: | |||
|
Description
jf0918
2024-08-04 22:20:11 UTC
Did you remember to uncheck the "Use KWallet for the Secret Service interface" checkbox in System Settings > KWallet? (In reply to Nate Graham from comment #1) > Did you remember to uncheck the "Use KWallet for the Secret Service > interface" checkbox in System Settings > KWallet? Thanks for the reply. Following the suggestion makes the network manager remember the password, but it's stored in KWallet and not KeepassXC. So now I have the same password stored in two different places. Unfortunate, but good enough. How about if you unckeck that checkbox and then also disable KWaller after that? KeepassXC installed and running with Secret Service API enabled. Tested to work with Firefox as intended. Scenario #1 Disabled "Use KWallet for the Secret Service interface" Enabled "Enable the KDE wallet subsystem" Network manager stores VPN passwords in KWallet, and not in KeepassXC. Does not query KeepassXC. Scenario #2 Disabled "Use KWallet for the Secret Service interface" Disabled "Enable the KDE wallet subsystem" Network manager does not store VPN passwords, and does not query KeepassXC for them either. plasma-nm only has code to store the password in KWallet, so if you disable KWallet it won't store it. This certainly isn't a bug in KWallet ๐๐งน โ ๏ธ This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information, then set the bug status to REPORTED. If there is no change for at least 30 days, it will be automatically closed as RESOLVED WORKSFORME. For more information about our bug triaging procedures, please read https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging. Thank you for helping us make KDE software even better for everyone! Bulk transfer as requested in T17796 *** Bug 484045 has been marked as a duplicate of this bug. *** Git commit abf970c067fa465ae9b7b970600de08f035d00e2 by Marco Martin, on behalf of David Edmundson. Committed on 11/04/2025 at 13:22. Pushed by mart into branch 'master'. Add secret service bridge The KWallet daemon is replaced by a new daemon which registers itself on the KWallet dbus service name and exposes all its old api. But instead of using directly the kwallet backend to store secrets, it proxies the api requests to a SecretService daemon, offering a compatibility layer for old kwallet-using applications. It is to be seen as legacy support and migration aid This daemon uses the same metadata format of QtKeychain, so when the application will migrate to it, a further data migration shouldn't be necessary The old KWalled daemon is still there: and is called KSecretd. It doesn't expose the kwallet dbus api animore, but only the SecretService api. It's used as the default secretservice provider for the new proxy kwalletd and it's launched by it unless is explicitly configured to not do so Related: bug 458644, bug 459289 M +12 -1 README.md M +5 -0 src/api/KWallet/org.kde.KWallet.nodeprecated.xml M +5 -0 src/api/KWallet/org.kde.KWallet.xml M +15 -0 src/runtime/ksecretd/CMakeLists.txt M +2 -0 src/runtime/ksecretd/kwalletfreedesktopcollection.cpp M +1 -0 src/runtime/ksecretd/kwalletfreedesktopservice.cpp M +1 -1 src/runtime/ksecretd/main.cpp A +3 -0 src/runtime/ksecretd/org.kde.secretservicecompat.service.in A +3 -0 src/runtime/ksecretd/org.kde.secretservicecompat.service.win.in A +73 -0 src/runtime/kwalletd/CMakeLists.txt A +1173 -0 src/runtime/kwalletd/kwalletd.cpp [License: LGPL(v2.0+)] A +216 -0 src/runtime/kwalletd/kwalletd.h [License: LGPL(v2.0+)] A +53 -0 src/runtime/kwalletd/main.cpp [License: GPL(3+eV) GPL(v3.0) LGPL(v2.0)] A +3 -0 src/runtime/kwalletd/org.kde.kwalletd5.service.in A +3 -0 src/runtime/kwalletd/org.kde.kwalletd5.service.win.in A +3 -0 src/runtime/kwalletd/org.kde.kwalletd6.service.in A +3 -0 src/runtime/kwalletd/org.kde.kwalletd6.service.win.in A +853 -0 src/runtime/kwalletd/secretserviceclient.cpp [License: LGPL(v2.0+)] A +108 -0 src/runtime/kwalletd/secretserviceclient.h [License: LGPL(v2.0+)] https://invent.kde.org/frameworks/kwallet/-/commit/abf970c067fa465ae9b7b970600de08f035d00e2 With that change, KWallet is now simply a thin shell around Secret Service, so any underlying storage method that works with Secret Service is now used. @Nate, everything that uses the legacy KWallet API directly still needs to be migrated to QtKeyChain eventually. But I suppose that can be tracked elsewhere. |