SUMMARY When KWallet is disabled and KeepassXC used instead, the network manager does not store VPN passwords. STEPS TO REPRODUCE 1. Have KWallet disabled in favor of KeepassXC 2. Import or create a new VPN connection in the network manager. Enter a username and a password. 3. Connect to VPN. OBSERVED RESULT A popup asking for the password shows up. EXPECTED RESULT VPN connects, using the stored password, without asking for one. Alternatively, query KeepassXC for the password.
Did you remember to uncheck the "Use KWallet for the Secret Service interface" checkbox in System Settings > KWallet?
(In reply to Nate Graham from comment #1) > Did you remember to uncheck the "Use KWallet for the Secret Service > interface" checkbox in System Settings > KWallet? Thanks for the reply. Following the suggestion makes the network manager remember the password, but it's stored in KWallet and not KeepassXC. So now I have the same password stored in two different places. Unfortunate, but good enough.
How about if you unckeck that checkbox and then also disable KWaller after that?
KeepassXC installed and running with Secret Service API enabled. Tested to work with Firefox as intended. Scenario #1 Disabled "Use KWallet for the Secret Service interface" Enabled "Enable the KDE wallet subsystem" Network manager stores VPN passwords in KWallet, and not in KeepassXC. Does not query KeepassXC. Scenario #2 Disabled "Use KWallet for the Secret Service interface" Disabled "Enable the KDE wallet subsystem" Network manager does not store VPN passwords, and does not query KeepassXC for them either.
plasma-nm only has code to store the password in KWallet, so if you disable KWallet it won't store it. This certainly isn't a bug in KWallet
๐๐งน โ ๏ธ This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information, then set the bug status to REPORTED. If there is no change for at least 30 days, it will be automatically closed as RESOLVED WORKSFORME. For more information about our bug triaging procedures, please read https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging. Thank you for helping us make KDE software even better for everyone!
Bulk transfer as requested in T17796
*** Bug 484045 has been marked as a duplicate of this bug. ***
Git commit abf970c067fa465ae9b7b970600de08f035d00e2 by Marco Martin, on behalf of David Edmundson. Committed on 11/04/2025 at 13:22. Pushed by mart into branch 'master'. Add secret service bridge The KWallet daemon is replaced by a new daemon which registers itself on the KWallet dbus service name and exposes all its old api. But instead of using directly the kwallet backend to store secrets, it proxies the api requests to a SecretService daemon, offering a compatibility layer for old kwallet-using applications. It is to be seen as legacy support and migration aid This daemon uses the same metadata format of QtKeychain, so when the application will migrate to it, a further data migration shouldn't be necessary The old KWalled daemon is still there: and is called KSecretd. It doesn't expose the kwallet dbus api animore, but only the SecretService api. It's used as the default secretservice provider for the new proxy kwalletd and it's launched by it unless is explicitly configured to not do so Related: bug 458644, bug 459289 M +12 -1 README.md M +5 -0 src/api/KWallet/org.kde.KWallet.nodeprecated.xml M +5 -0 src/api/KWallet/org.kde.KWallet.xml M +15 -0 src/runtime/ksecretd/CMakeLists.txt M +2 -0 src/runtime/ksecretd/kwalletfreedesktopcollection.cpp M +1 -0 src/runtime/ksecretd/kwalletfreedesktopservice.cpp M +1 -1 src/runtime/ksecretd/main.cpp A +3 -0 src/runtime/ksecretd/org.kde.secretservicecompat.service.in A +3 -0 src/runtime/ksecretd/org.kde.secretservicecompat.service.win.in A +73 -0 src/runtime/kwalletd/CMakeLists.txt A +1173 -0 src/runtime/kwalletd/kwalletd.cpp [License: LGPL(v2.0+)] A +216 -0 src/runtime/kwalletd/kwalletd.h [License: LGPL(v2.0+)] A +53 -0 src/runtime/kwalletd/main.cpp [License: GPL(3+eV) GPL(v3.0) LGPL(v2.0)] A +3 -0 src/runtime/kwalletd/org.kde.kwalletd5.service.in A +3 -0 src/runtime/kwalletd/org.kde.kwalletd5.service.win.in A +3 -0 src/runtime/kwalletd/org.kde.kwalletd6.service.in A +3 -0 src/runtime/kwalletd/org.kde.kwalletd6.service.win.in A +853 -0 src/runtime/kwalletd/secretserviceclient.cpp [License: LGPL(v2.0+)] A +108 -0 src/runtime/kwalletd/secretserviceclient.h [License: LGPL(v2.0+)] https://invent.kde.org/frameworks/kwallet/-/commit/abf970c067fa465ae9b7b970600de08f035d00e2
With that change, KWallet is now simply a thin shell around Secret Service, so any underlying storage method that works with Secret Service is now used.
@Nate, everything that uses the legacy KWallet API directly still needs to be migrated to QtKeyChain eventually. But I suppose that can be tracked elsewhere.