keepass

gopher://gopher.someodd.zip:70/1/catalog/tech/workstation/keepass/ keepass 2026-03-31T00:00:00Z gopher.someodd.zip gopher://gopher.someodd.zip:70/0/tech/workstation/keepass/keepassxc-no-plaintext-secrets.txt Stop Storing API Keys in Plaintext Config Files (KeepassXC + Secret Service) 2026-03-31T00:00:00Z 2026-03-31T00:00:00Z

Stop storing API keys in plaintext by pulling them from KeepassXC t...

/usr/share/dbus-1/services/org.freedesktop.secrets.service << EOF [D-BUS Service] Name=org.freedesktop.secrets Exec=/usr/bin/false EOF' # ALSO stop D-Bus auto-activation via org.gnome.keyring # This is a separate service file that launches gnome-keyring-daemon # with --components=secrets. If anything pokes the org.gnome.keyring # D-Bus name, gnome-keyring starts and claims org.freedesktop.secrets # too. Blocking only org.freedesktop.secrets is not enough. sudo bash -c 'cat > /usr/share/dbus-1/services/org.gnome.keyring.service << EOF [D-BUS Service] Name=org.gnome.keyring Exec=/usr/bin/false EOF' # Hide the autostart entry (idempotent -- safe to run again) mkdir -p ~/.config/autostart cp /etc/xdg/autostart/gnome-keyring-secrets.desktop ~/.config/autostart/ grep -q '^Hidden=true' ~/.config/autostart/gnome-keyring-secrets.desktop \ || echo "Hidden=true" >> ~/.config/autostart/gnome-keyring-secrets.desktop # Kill any running instance killall gnome-keyring-daemon # KeepassXC won't automatically reclaim org.freedesktop.secrets -- # it tried at startup, lost to gnome-keyring, and gave up. # Restart it (or toggle Secret Service off/on in its settings). ``` Since apt upgrade will silently restore these service files (see caveats below), I keep a script that re-neuters both in one shot. Save as ~/fix-gnome-keyring-secrets.sh: ``` #!/bin/bash set -euo pipefail if [[ $EUID -ne 0 ]]; then echo "Run this with sudo." >&2 exit 1 fi REAL_USER="${SUDO_USER:?}" cat > /usr/share/dbus-1/services/org.freedesktop.secrets.service << 'EOF' [D-BUS Service] Name=org.freedesktop.secrets Exec=/usr/bin/false EOF cat > /usr/share/dbus-1/services/org.gnome.keyring.service << 'EOF' [D-BUS Service] Name=org.gnome.keyring Exec=/usr/bin/false EOF sudo -u "$REAL_USER" killall gnome-keyring-daemon 2>/dev/null || true if pgrep -u "$REAL_USER" keepassxc >/dev/null 2>&1; then echo "Restart KeePassXC to reclaim org.freedesktop.secrets." else echo "Start KeePassXC to claim org.freedesktop.secrets." fi ``` Run with `sudo ~/fix-gnome-keyring-secrets.sh` after any gnome-keyring package update. Then delete the old gnome-keyring data if you don't need it: ``` rm ~/.local/share/keyrings/login.keyring ``` ## 3. Enable KeepassXC Secret Servi]]> gopher://gopher.someodd.zip:70/1/tech/workstation/keepass/keepass-keyring-manager KeepassXC as Key Ring Manager for Minimal DEs & WMs 2025-10-15T00:00:00Z 2025-10-15T00:00:00Z

Uses KeepassXC as an SSH agent and Secret Service provider for mini...

Uses KeepassXC as an SSH agent and Secret Service provider for minimal window managers like Window Maker. Targets setups where a full DE keyring (GNOME/KDE) isn't available.