KDE Wallet
KDE Wallet Manager is a tool to manage the passwords on your KDE Plasma system. By using the KWallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with KWallet.
Contents
Unlock KDE Wallet automatically on login
If your KWallet password is the same as your username password, you can unlock your wallet automatically on login.
For Plasma 4, install the pam_kwallet-gitAUR.
Then edit /etc/pam.d/kde
and add the two lines under their corresponding sections:
auth optional pam_kwallet.so kdehome=.kde4 session optional pam_kwallet.so
Example /etc/pam.d/kde
#%PAM-1.0 auth include system-login auth optional pam_kwallet.so kdehome=.kde4 account include system-login password include system-login session include system-login session optional pam_kwallet.so
For Plasma 5, install kwallet-pam package. Then edit your login manager pam file and add the two lines under their corresponding sections:
-auth optional pam_kwallet5.so -session optional pam_kwallet5.so auto_start
For LightDM, for example, edit lightdm and lightdm-greeter files:
Example /etc/pam.d/lightdm
#%PAM-1.0 auth include system-login -auth optional pam_kwallet5.so account include system-login password include system-login session include system-login -session optional pam_kwallet5.so auto_start
For SDDM, just edit the sddm file like this to get both kwallet4 and kwallet5 to auto-unlock:
Example /etc/pam.d/sddm
auth include system-login auth optional pam_kwallet5.so auth optional pam_kwallet.so kdehome=.kde4 account include system-login password include system-login session include system-login session optional pam_kwallet5.so auto_start session optional pam_kwallet.so
After restarting your wallet should unlock automatically if your user password is the same as your KWallet password and you use a login manager like KDM.
Using the KDE Wallet to store ssh keys
First, make sure that you have an SSH agent running. For instructions on how to start and stop ssh-agent
on login and logout respectively follow SSH keys#Using KDM.
Install the ksshaskpass package.
Create an autostart file (KDE4: ~/.kde4/Autostart/ssh-add.sh
, KDE Plasma: ~/.config/autostart/ssh-add.sh
) with this content:
#!/bin/sh ssh-add </dev/null
KDE Plasma no longer processes *.sh startup scripts in the autostart directory. There are two methods to fix this.
Method #1: Move ssh-add.sh to the new autostart-scripts directory
Instead of placing the file in ~/.config/autostart/ssh-add.sh
, place it in ~/.config/autostart-scripts/ssh-add.sh
.
Method #2: Convert ssh-add.sh to a desktop file
You can also create a startup .desktop file ~/.config/autostart/ssh-add.desktop
:
[Desktop Entry] Exec=~/.config/autostart/ssh-add.sh Icon=system-run StartupNotify=true Terminal=false Type=Application
If you created a desktop file for ssh-add above, reboot. If you created a sh file, make it executable and run it:
Plasma 4
$ chmod +x ~/.kde4/Autostart/ssh-add.sh $ ~/.kde4/Autostart/ssh-add.sh
Plasma 5
$ chmod +x ~/.config/autostart-scripts/ssh-add.sh $ ~/.config/autostart-scripts/ssh-add.sh
You also have to set the SSH_ASKPASS
environment variable in your /etc/profile or ~/.bash_profile:
export SSH_ASKPASS="/usr/bin/ksshaskpass"
It will ask for your password and unlock your SSH keys. Upon restart your SSH keys should be unlocked once you give your kwallet password.
To add a new key and store the password with kwallet use the following command
$ ssh-add /path/to/new/key </dev/null
and append the key to the list of keys in ~/.kde4/Autostart/ssh-add.sh
as explained above to have it unlocked upon providing the kwallet password.
KDE Wallet for Firefox
There is an addon to make Firefox store passwords with KDE Wallet 5 or KDE Wallet 4.
KDE Wallet for Chromium
Chromium has built in wallet integration. To enable it, run Chromium with the --password-store=kwallet
or --password-store=detect
argument.