Last active
May 28, 2025 20:40
-
-
Save GrabbenD/6658c36a1c7fc7ee30ee2498647ca4c6 to your computer and use it in GitHub Desktop.
Revisions
-
GrabbenD revised this gist
Mar 17, 2025 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -32,7 +32,7 @@ Here's a few common alternatives which I came across: _(Note: Official Bitwarden client isn't a `libsecret` provider [yet](https://community.bitwarden.com/t/support-for-libsecrets-dbus-api/4006))_ I found this approach to be not desirable for me personally as you'll have to consider: - Management of a Bitwarden server _(and all that is involved like: handling updates, backups, where it's hosted for uptime and reliability)_. - License pricing _(depending on which features you'd like to have such as 2FA)_. However, a FOSS alternative is: `Vaultwarden`. - **Alternative 4)** `pass-secrets` _(CLI)_ @@ -166,7 +166,7 @@ Furthermore, make sure that `org.freedesktop.secrets.service` file is located in > Error: No such interface “org.freedesktop.Secret.Collection” on object at path /org/freedesktop/secrets/collection/login Depending which method you've chosen, it's likely that you need to reload your session _(logout and then login)_ to get the right environment variables _(e.g. `gnome-keyring` through `PAM`)_. Another possibility is that some parts of your `$HOME` might be owned by a different user which causes permission issues hence this error. -
Mar 17, 2025 . 1 changed file with 3 additions and 3 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -29,11 +29,11 @@ Here's a few common alternatives which I came across: - **Alternative 3)** `vaultwarden` _/or/_ `bitwarden` _(backend)_ + `bitw` _(client)_ _(Note: Official Bitwarden client isn't a `libsecret` provider [yet](https://community.bitwarden.com/t/support-for-libsecrets-dbus-api/4006))_ I found this approach to be not desirable for me personally as you'll have to consider: - Managment of a Bitwarden server _(and all that is involved like: handling updates, backups, where it's hosted for uptime and reliability)_. - License pricing _(depending on which features you'd like to have such as 2FA)_. However, a FOSS alternative is: `Vaultwarden`. - **Alternative 4)** `pass-secrets` _(CLI)_ @@ -110,7 +110,7 @@ Here's some issues which I've encountered Active: active (running) since Wed 2024-04-17 14:51:04 CEST; 22s ago ``` Depending on your distrbution and choice of DE/WM, you might _also_ need to create a D-Bus session manually. Arch Linux automatically seeds the required D-Bus session variables for Sway as seen here: [`/etc/sway/config.d/50-systemd-user.conf`](https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/50-systemd-user.conf) and this can be confirmed with: ```console $ echo $D-Bus_SESSION_BUS_ADDRESS unix:path=/run/user/1000/bus -
Mar 17, 2025 . 1 changed file with 4 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,7 +4,7 @@ Setup `org.freedesktop.secrets` the easy way with **KeepassXC** in **Github Desk You might want to quickly authenticate with your Github Account to avoid having to manually configure GIT. Although if you're using a lightweight distribution you might discover that you have to manually find a provider for [`org.freedesktop.secrets`](https://archlinux.org/packages/?sort=&q=org.freedesktop.secrets). I encountered this problem and wanted to share my thoughts and general pointers from what I've learned! @@ -86,7 +86,7 @@ The general gist is: Name=org.freedesktop.secrets Exec=/usr/bin/keepassxc ``` This path might be different if [`$XDG_DATA_HOME`](https://man.archlinux.org/man/dbus-daemon.1.en) is declared _(meaning: `$XDG_DATA_HOME/dbus-1/services/org.freedesktop.secrets.service`)_. Do not touch this variable if you don't need it. Default value is: `XDG_DATA_HOME="$HOME/.local/share"` 6. **Enable Secret Service Integration in KeePassXC** @@ -102,7 +102,7 @@ Here's some issues which I've encountered > `Error calling StartServiceByName for org.freedesktop.secrets: Timeout was reached` 1. Make sure `dbus` is _running_ as otherwise there is no middleman which can exchange structured data between peers in your system. I'm using `dbus-broker` + `dbus-broker-units` _(which is more performant than systemd's `dbus-daemon` + `dbus-daemon-units`)_. Example for `dbus-broker`: ```console @@ -136,7 +136,7 @@ Here's some issues which I've encountered Active: active (running) since Wed 2024-04-17 14:51:06 CEST; 18s ago ``` Furthermore, make sure that `$XDG_CURRENT_DESKTOP` exists as this might be missing if you're not using a login manager _(like SDDM)_: ```console $ export XDG_CURRENT_DESKTOP='sway' $ exec sway -
Jun 10, 2024 . 1 changed file with 94 additions and 58 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,92 +1,92 @@ Setup `org.freedesktop.secrets` the easy way with **KeepassXC** in **Github Desktop** # Overview You might want to quickly authenticate with your Github Account to avoid having to manually configure GIT. Although if you're using a lightweight distribution you might discover that you have to manually find a provider for `org.freedesktop.secrets`. I encountered this problem and wanted to share my thoughts and general pointers from what I've learned! ## Secrets Provider? Github Desktop can authenticate with Github with just a few clicks if you have a secrets provider for `org.freedesktop.secrets`. Here's a few common alternatives which I came across: - **Alternative 1)** `gnome-keyring` _(backend)_ + `seahorse` _(gui-client)_ I would avoid this outside of GNOME DE.. Here's some of my notes: - It [needs](https://wiki.archlinux.org/title/GNOME/Keyring#PAM_step) to be integrated into `PAM`. - From personal experience it can be cumbersome to get it to cooperate with D-Bus and XDG. - You need to have a background daemon to handle requests: `gnome-keyring-daemon.service`. - Make sure to use: `libsecret` instead of the _deprecated_: `libgnome-keyring` for it to work properly. - Restart your session after completing the installation to get the right environment variables. - **Alternative 2)** `kwallet` _(QT)_ It's updated more frequently than Gnome's alternative and has a user friendly interface. It's a good option to get started quickly. - **Alternative 3)** `vaultwarden` _/or/_ `bitwarden` _(backend)_ + `bitw` _(client)_ _(Note: Official Bitwarden client isn't a libsecret provider [yet](https://community.bitwarden.com/t/support-for-libsecrets-dbus-api/4006))_ I found this approach to be not desirable for me personally as you'll have to consider: - Managment of a Bitwarden server _(and all that is involved like: handling updates, backups, where it's hosted for uptime and reliability)_. - License pricing _(depending on which features you'd like to have such as 2FA)_. - **Alternative 4)** `pass-secrets` _(CLI)_ This seems like a good minimalistic approach to just get the job done but the lack of development and small userbase wasn't appealing to me. - **Alternative 5)** `keepassxc` _(GUI)_ I personally avoid Password Managers but I changed my mind after discovering just how well this one works and the fact that it can be used as a provider for `org.freedesktop.secrets` - Uses socket activation to avoid background services _(meaning D-Bus initiates it dynamically)_. - The database file is stored as a encrypted file in your filesystem which can be automatically synced with any cloud storage provider _(like Nextcloud)_. - There is browser integration as well as a mobile app. - 2FA support. ## This is a overkill.. _Alternatively,_ if the above is a hassle consider using Github Desktop as a GUI to only handle branches and commits since the rest can be done in your terminal: 1. [Setup your SSH keys to commit to Github](https://docs.github.com/en/authentication/connecting-to-github-with-ssh). 2. [Ensure you're using the right name and email address for GIT](https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup). 3. [(Optionally) Configure gnupg](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account). 4. [Create a access key](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) _(this works even with GitLab)_. 5. When cloning a repository in Github Desktop, use the `URL` option and when prompted for authentication, provide your account's email and use the access key as password from the previous step! # KeepassXC integration The general gist is: 1. **Ensure that D-Bus is running** If you're using systemd this is already done. Otherwise you might need a lightweight solution like [dbus-broker](https://wiki.archlinux.org/title/D-Bus#dbus-broker). 2. **Install XDG** With Sway, this would be `xdg-desktop-portal` + `xdg-desktop-portal-wlr` + `xdg-desktop-portal-gtk` 3. **Make sure `libsecret` is installed** 4. **Install KeepassXC** 5. **Setup D-Bus integration** ```ini # Default: $HOME/.local/share/dbus-1/services/org.freedesktop.secrets.service [D-BUS Service] Name=org.freedesktop.secrets Exec=/usr/bin/keepassxc ``` This path might be different if [XDG_DATA_HOME](https://man.archlinux.org/man/dbus-daemon.1.en) is declared _(meaning: `$XDG_DATA_HOME/dbus-1/services/org.freedesktop.secrets.service`)_. Do not touch this variable if you don't need it. Default value is: `XDG_DATA_HOME="$HOME/.local/share"` 6. **Enable Secret Service Integration in KeePassXC** @@ -96,50 +96,86 @@ The general gist is: # General Troubleshooting Here's some issues which I've encountered ### Bad session > `Error calling StartServiceByName for org.freedesktop.secrets: Timeout was reached` 1. Make sure `dbus` is _running_ as otherwise there is no middleman which can exchange structured data between peers in your system. I'm using `dbus-broker` + `dbus-broker-units` _(which is more perfromant than systemd's `dbus-daemon` + `dbus-daemon-units`)_. Example for `dbus-broker`: ```console $ systemctl status --user dbus-broker.service | grep Active Active: active (running) since Wed 2024-04-17 14:51:04 CEST; 22s ago ``` Depending on your distrbution and choice of DE/WM, you might _also_ need to create a D-Bus session manually. Arch Linux automatically seeds the required D-Bus session variables for Sway as seen here: [/etc/sway/config.d/50-systemd-user.conf](https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/50-systemd-user.conf) and this can be confirmed with: ```console $ echo $D-Bus_SESSION_BUS_ADDRESS unix:path=/run/user/1000/bus ``` You can check if D-Bus sees the event with: ```console $ dbus-monitor --session | grep keepassxc string "org.keepassxc.KeePassXC.MainWindow" string "/usr/bin/keepassxc" string "/usr/bin/keepassxc" ``` _(P.S. `qdbusviewer` has a GUI to make it easier)_ 2. Confirm that `xdg-desktop-portal` is actually set up correctly, otherwise your browser have no way of communicating with resources outside of its sandbox. Example for Sway in Arch Linux; make sure these XDG services are running for full XDG functionality: ```console $ systemctl status --user xdg-desktop-portal{,-wlr,-gtk} | grep Active Active: active (running) since Wed 2024-04-17 14:51:06 CEST; 18s ago Active: active (running) since Wed 2024-04-17 14:51:06 CEST; 18s ago Active: active (running) since Wed 2024-04-17 14:51:06 CEST; 18s ago ``` Furthermore, make sure that `XDG_CURRENT_DESKTOP` exists as this might be missing if you're not using a login manager _(like SDDM)_: ```console $ export XDG_CURRENT_DESKTOP='sway' $ exec sway ``` --- ### Missing service > `Error: The name org.freedesktop.secrets was not provided by any .service files` D-Bus can't communicate with any `org.freedesktop.secrets` provider. Make sure one is installed correctly _(e.g. providers like `gnome-keypass` needs `PAM` integration and `gnome-keyring-daemon.service` has to be running)_. --- ### Conflicting environment variables > `Error: The name is not activatable` If you're using a Window Manager like Sway, you [might not need](https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/50-systemd-user.conf) `dbus-run-session` to start your WM _(e.g. in case of Arch Linux)_ as it conflicts with `dbus-update-activation-environment` which is executed automatically. Furthermore, make sure that `org.freedesktop.secrets.service` file is located in the correct directory _(check `XDG_DATA_HOME` above)_. --- ### Access issues > Error: No such interface “org.freedesktop.Secret.Collection” on object at path /org/freedesktop/secrets/collection/login Depending which method you've choosen, it's likely that you need to reload your session _(logout and then login)_ to get the right environment variables _(e.g. `gnome-keyring` through `PAM`)_. Another possibility is that some parts of your `$HOME` might be owned by a different user which causes permission issues hence this error. Alternatively make sure there isn't a popup waiting for your password to unlock the path. --- ### Broken D-Bus > GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer: unit failed. Make sure your D-Bus is running -
Oct 14, 2023 . 1 changed file with 5 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -33,7 +33,7 @@ Here's a few common alternatives which I came across: I found this approach not desirable for me personally as you'll have to consider: - Managment of a Bitwarden server (and all that is involved like: handling updates, backups, where it's hosted for uptime and reliability) - License pricing (depending on which features you'd like to have such as 2FA) - **Alternative 4)** `pass-secrets` (CLI) @@ -42,7 +42,7 @@ Here's a few common alternatives which I came across: - **Alternative 5)** `keepassxc` (GUI) I personally avoid Password Managers but I changed my mind after discovering just how well this one works and the fact that it can be used as a provider for `org.freedesktop.secrets` - The database file is stored as a encrypted file in your filesystem which can be automatically synced with any cloud storage provider (like Nextcloud). - It's not running in the background as DBUS can initiate it dynamically. - There is browser integration as well as a mobile app - 2FA support @@ -59,7 +59,7 @@ _Alternatively,_ if the above is a hassle you could just use Github Desktop as a 4. [Create a access key](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) **(this works even if you'd like to access GitLab)**. 5. When cloning a repository in Github Desktop, use the `URL` option and when prompted for authentication, provide your account's email and use the access key as password from the previous step! ## KeepassXC integration @@ -106,15 +106,15 @@ Error calling StartServiceByName for org.freedesktop.secrets: Timeout was reache First make sure that SystemD's DBUS (or a alternative like `dbus-broker`) is _running_ as otherwise there is no middleman which can exchange structured data between peers in your system. Then make sure that `xdg-desktop-portal` is actually set up correctly, otherwise your browser have no way of communicating with resources outside of its sandbox. For instance, Sway also needs `xdg-desktop-portal-wlr` for full XDG functionality. ### Missing service ```console Error: The name org.freedesktop.secrets was not provided by any .service files ``` DBUS can't communicate with any `org.freedesktop.secrets` provider. Make sure one is installed correctly (e.g. providers like gnome-keypass needs `PAM` integration and `gnome-keyring-daemon.service`). ### Conflicting environment variables -
Oct 14, 2023 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -132,7 +132,7 @@ Error: No such interface “org.freedesktop.Secret.Collection” on object at pa Depending on which method you've choosen (gnome-keyring), it's likely that you need to reload your session (logout and back in) to get the right environment variables (e.g. `gnome-keyring` through `PAM`). Another possibility is that some parts of your `$HOME` might be owned by a different user which causes permission issues to generate this error. Alternatively make sure there isn't a popup waiting for your password to unlock the path. -
Oct 14, 2023 . 1 changed file with 6 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -50,16 +50,22 @@ Here's a few common alternatives which I came across: ### This is a overkill _Alternatively,_ if the above is a hassle you could just use Github Desktop as a GUI to handle branches and commits: 1. [Setup your SSH keys to commit to Github](https://docs.github.com/en/authentication/connecting-to-github-with-ssh). 2. [Ensure you're using the right name and email address for GIT](https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup). 3. [(Optionally) Configure gnupg](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account). 4. [Create a access key](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) **(this works even if you'd like to access GitLab)**. 5. When cloning a repository in Github Desktop, use the `URL` option and when prompted for authentication, provide your username and use the access key as password from the previous step! ## KeepassXC integration The general gist is: 1. **Ensure that DBUS is running** If you're using SystemD this is already done. -
Oct 14, 2023 . 1 changed file with 13 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -26,6 +26,7 @@ Here's a few common alternatives which I came across: - Make sure to use `libsecret` instead of the _deprecated_ `libgnome-keyring` for it to work properly. - **Alternative 2)** `kwallet` It's updated more frequently than Gnome's alternative and has a easier UI, it's a good option if you just want to get this to work quickly with a easy user interface. - **Alternative 3)** `bitw` (backend) + `Bitwarden` (web-client + server) @@ -35,6 +36,7 @@ Here's a few common alternatives which I came across: - License pricing (depending on which features you'd like to have like 2FA) - **Alternative 4)** `pass-secrets` (CLI) This seems like a good minimalistic approach to just get the job done but the lack of development and small userbase wasn't appealing to me. - **Alternative 5)** `keepassxc` (GUI) @@ -51,29 +53,39 @@ _Alternatively,_ if the above is a hassle you could just use Github Desktop as a 1. [Setup your SSH keys to commit to Github](https://docs.github.com/en/authentication/connecting-to-github-with-ssh). 2. [Ensure you're using the right name and email address for GIT](https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup). 3. [(Optionally) Configure gnupg](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account). 4. [Create a access key](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) **(this works even if you'd like to access GitLab)**. 5. When cloning a repository in Github Desktop, use the `URL` option and when prompted for authentication, provide your username and use the access key as password from the previous step! ## KeepassXC integration The general gist is: 1. **Ensure that DBUS is running** If you're using SystemD this is already done. Otherwise you might need a lightweight solution like [dbus-broker](https://wiki.archlinux.org/title/D-Bus#dbus-broker). 2. **Install XDG** With Sway, this would be `xdg-desktop-portal` and `xdg-desktop-portal-wlr` 3. **Make sure `libsecret` is installed** 4. **Install KeepassXC** 5. **Setup DBUS integration** ```ini # $HOME/.local/share/dbus-1/services/org.freedesktop.secrets.service [D-BUS Service] Name=org.freedesktop.secrets Exec=/usr/bin/keepassxc ``` 6. **Enable Secret Service Integration in KeePassXC** `Tools -> Settings -> Secret Service Integration -> [X] Enable KeepassXC Freedesktop.org Secret Service Integration` 7. You're done, there is no need to do anything else! # General Troubleshooting -
Oct 14, 2023 . 1 changed file with 8 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -16,26 +16,29 @@ Github Desktop can authenticate with Github with just a few clicks if you have a Here's a few common alternatives which I came across: - **Alternative 1)** `gnome-keyring` (backend) + `seahorse` (gui-client) I would avoid this outside of GNOME DE, here's some of my notes: - It [needs](https://wiki.archlinux.org/title/GNOME/Keyring#PAM_step) to be integrated into `PAM`. - From personal experience it can be cumbersome to get it to cooperate with DBUS and XDG. - You need to have a background daemon to handle requests `gnome-keyring-daemon.service`. - Restart your session after completing the installation to get the right environment variables. - Make sure to use `libsecret` instead of the _deprecated_ `libgnome-keyring` for it to work properly. - **Alternative 2)** `kwallet` It's updated more frequently than Gnome's alternative and has a easier UI, it's a good option if you just want to get this to work quickly with a easy user interface. - **Alternative 3)** `bitw` (backend) + `Bitwarden` (web-client + server) I found this approach not desirable for me personally as you'll have to consider: - Managment of a Bitwarden server (and all that is involved like: handling updates, backups, where it's hosted for uptime and reliability) - License pricing (depending on which features you'd like to have like 2FA) - **Alternative 4)** `pass-secrets` (CLI) This seems like a good minimalistic approach to just get the job done but the lack of development and small userbase wasn't appealing to me. - **Alternative 5)** `keepassxc` (GUI) I personally avoid Password Managers but I changed my mind after discovering just how well this one works and the fact that it can be used as a provider for `org.freedesktop.secrets` - The database file is stored as a encrypted file in your filesystem which can be synced automatically with any cloud storage provider (like Nextcloud). - It's not running in the background as DBUS can initiate it dynamically. -
Oct 14, 2023 . 1 changed file with 5 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -5,12 +5,15 @@ Setup `org.freedesktop.secrets` the easy way with KeepassXC ## Overview You might want to quickly authenticate with your Github Account to avoid having to manually setup GIT. Although if you're using a lightweight distribution you might discover that you have to manually create a provider for `org.freedesktop.secrets`. I encountered this problem and wanted to share my thoughts and general pointers here from what I've learned! ## Secrets Provider? Github Desktop can authenticate with Github with just a few clicks if you have a secrets provider for `org.freedesktop.secrets`. Here's a few common alternatives which I came across: 1. **Alternative 1)** `gnome-keyring` (backend) + `seahorse` (gui-client) @@ -107,7 +110,9 @@ Error: No such interface “org.freedesktop.Secret.Collection” on object at pa ``` Depending on which method you've choosen (gnome-keyring), it's likely that you need to reload your session (logout and back in) to get the right environment variables (e.g. `gnome-keyring` through `PAM`). Another possibility is that some parts of your `$HOME`` might be owned by a different user which causes permission issues to generate this error. Alternatively make sure there isn't a popup waiting for your password to unlock the path. ### Broken DBUS -
Oct 14, 2023 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,6 @@ # Github Desktop Setup `org.freedesktop.secrets` the easy way with KeepassXC ## Overview -
Oct 14, 2023 . 1 changed file with 3 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,6 @@ # Github Desktop Setup org.freedesktop.secrets the easy way with KeepassXC ## Overview -
Oct 14, 2023 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Oct 14, 2023 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,117 @@ # Github Desktop - setup org.freedesktop.secrets the easy way with KeepassXC ## Overview You might want to quickly authenticate with your Github Account to avoid having to manually setup GIT. Although if you're using a lightweight distribution you might discover that you have to manually create a provider for `org.freedesktop.secrets`. I encountered this problem and wanted to share my thoughts and general pointers here from what I've learned! ## Secrets Provider? Github Desktop can authenticate with Github with just a few clicks if you have a secrets provider for `org.freedesktop.secrets`. Here's a few common alternatives which I came across: 1. **Alternative 1)** `gnome-keyring` (backend) + `seahorse` (gui-client) I would avoid this outside of GNOME DE, here's some of my notes: - It [needs](https://wiki.archlinux.org/title/GNOME/Keyring#PAM_step) to be integrated into `PAM`. - From personal experience it can be cumbersome to get it to cooperate with DBUS and XDG. - You need to have a background daemon to handle requests `gnome-keyring-daemon.service`. - Restart your session after completing the installation to get the right environment variables. - Make sure to use `libsecret` instead of the _deprecated_ `libgnome-keyring` for it to work properly. 2. **Alternative 2)** `kwallet` It's updated more frequently than Gnome's alternative and has a easier UI, it's a good option if you just want to get this to work quickly with a easy user interface. 3. **Alternative 3)** `bitw` (backend) + `Bitwarden` (web-client + server) I found this approach not desirable for me personally as you'll have to consider: - Managment of a Bitwarden server (and all that is involved like: handling updates, backups, where it's hosted for uptime and reliability) - License pricing (depending on which features you'd like to have like 2FA) 4. **Alternative 4)** `pass-secrets` (CLI) This seems like a good minimalistic approach to just get the job done but the lack of development and small userbase wasn't appealing to me. 5. **Alternative 5)** `keepassxc` (GUI) I personally avoid Password Managers but I changed my mind after discovering just how well this one works and the fact that it can be used as a provider for `org.freedesktop.secrets` - The database file is stored as a encrypted file in your filesystem which can be synced automatically with any cloud storage provider (like Nextcloud). - It's not running in the background as DBUS can initiate it dynamically. - There is browser integration as well as a mobile app - 2FA support ### This is a overkill _Alternatively,_ if the above is a hassle you could just use Github Desktop as a GUI to handle branches and commits: 1. [Setup your SSH keys to commit to Github](https://docs.github.com/en/authentication/connecting-to-github-with-ssh). 2. [Ensure you're using the right name and email address for GIT](https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup). 3. [(Optionally) Configure gnupg](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account). 4. [Create a access key (this works even if you'd like to access GitLab)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) 5. When cloning a repository in Github Desktop, use the `URL` option and when prompted for authentication, provide your username and use the access key as password from the previous step! ## KeepassXC integration The general gist is: 1. **Ensure that DBUS is running** If you're using SystemD this is already done. Otherwise you might need a lightweight solution like [dbus-broker](https://wiki.archlinux.org/title/D-Bus#dbus-broker). 2. **Install XDG** With Sway, this would be `xdg-desktop-portal` and `xdg-desktop-portal-wlr` 3. **Make sure `libsecret` is installed** 4. **Install KeepassXC** 5. **Setup DBUS integration** ```ini # $HOME/.local/share/dbus-1/services/org.freedesktop.secrets.service [D-BUS Service] Name=org.freedesktop.secrets Exec=/usr/bin/keepassxc ``` 6. **Enable Secret Service Integration in KeePassXC** `Tools -> Settings -> Secret Service Integration -> [X] Enable KeepassXC Freedesktop.org Secret Service Integration` 7. You're done, there is no need to do anything else! # General Troubleshooting Here's some of my conclussions to the issues which I've encountered ### Bad session ``` Error calling StartServiceByName for org.freedesktop.secrets: Timeout was reached ``` First make sure that SystemD's DBUS (or a alternative like `dbus-broker`) is _running_ as otherwise there is no middleman which can exchange structured data between peers in your system. Then make sure that `xdg-desktop-portal` is actually set up correctly, otherwise your browser have no of communicating with resources outside of its sandbox. For instance, Sway also needs `xdg-desktop-portal-wlr` for full XDG functionality. ### Missing service ```console Error: The name org.freedesktop.secrets was not provided by any .service files ``` DBUS can't communicate with any `org.freedesktop.secrets` provider, make sure one is installed correctly (e.g. providers like gnome-keypass needs `PAM` integration). ### Conflicting environment variables ```console Error: The name is not activatable ``` If you're using a Window Manager like Sway, you [might not need](https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/50-systemd-user.conf?ref_type=heads) `dbus-run-session` to start your WM (e.g. in case of Arch Linux) as it conflicts with `dbus-update-activation-environment` which is executed automatically. ### Access issues ```console Error: No such interface “org.freedesktop.Secret.Collection” on object at path /org/freedesktop/secrets/collection/login ``` Depending on which method you've choosen (gnome-keyring), it's likely that you need to reload your session (logout and back in) to get the right environment variables (e.g. `gnome-keyring` through `PAM`). Another possibility is that some parts of your `$HOME`` might be owned by a different user which causes permission issues to generate this error. Alternatively make sure there isn't a popup waiting for your password to unlock the path. ### Broken DBUS ```console GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer: unit failed. ``` Make sure your DBUS is running