Implementation of Secret Service API
What does this project do?
By using secret service, you don't need to use
KeePassXC secretservice for storing and retrieving you applications credentials anymore, or login every time to
- Archlinux: There is an AUR package named
- Debian: TODO deb package
- RedHat: TODO rpm package
There is a
scripts/manage.sh shellscript that do the job of install/uninstall (run it by
./scripts/manage.sh) but here are the details:
You need to copy the binary (
secretserviced, build the project or download it from releases page) some where usually
/usr/bin but if you don't have the permission,
~/.local/bin is OK too. To build the binary from source code:
git clone https://github.com/yousefvand/secret-service.git cd secret-service go build -race -o secretserviced cmd/app/secretserviced/main.go
You need a
systemd UNIT file named
secretserviced.service to put in
/etc/systemd/user but if you don't have the permission
~/.config/systemd/user is OK too. Here is a sample UNIT file, change
ExecStart according to where you put the binary:
[Unit] Description=Service to keep secrets of applications Documentation=https://github.com/yousefvand/secret-service [Install] WantedBy=default.target [Service] Type=simple RestartSec=30 Restart=always Environment="MASTERPASSWORD=01234567890123456789012345678912" WorkingDirectory=/usr/bin/ ExecStart=/usr/bin/secretserviced
MASTERPASSWORD is very important, don't loose it.
scripts/manage.sh would generate a random
32 character password automatically. If you don't use the
scripts/manage.sh shellscript, it is up to you to set the password and it should be EXACTLY
32 characters length.
Now start the service:
systemctl enable --now --user secretserviced.service
and you can stop the service by:
systemctl disable --now --user secretserviced.service
to see the status of service:
systemctl status --user secretserviced.service
secret-service stuff (database, logs...) are stored under:
By default all secrets are encrypted with
AES-CBC-256 symmetric algorithm with
MASTERPASSWORD. If you wish to switch between encrypted/unencrypted database you need to follow these steps:
- Stop service:
systemctl stop --user secretserviced.service
- Change config
encryptionkey (located at:
- If you are changing to
encryption: truemake sure
- Delete database (located at:
- Start service:
systemctl start --user secretserviced.service
If service refuses to start and you see
OS exit code
5 in logs, it means som other application has taken dbus name
org.freedesktop.secrets before (such as keyrings), stop that application and try again.
This project is in its infancy and as it is my first golang project there are many design and code problems. I do appreciate suggestions and PRs. If you can get done any item from
TODO list, you are welcome. This list will be updated based on new insights and user issues.
In case of sending a PR please make sure:
- You are addressing just one issue per PR.
- Completely describe the problem and your solution in plain English.
- Don't send your PRs to
mainbranch, create a new branch based on your changes and make sure all tests are passed.
- If any new test is needed based on your PR, please write the test as well.
[ ] Improve CI
[ ] What's the best way to secure
[ ] deb, rpm, AppImage packages
[ ] ...