Applications not finding org.freedesktop.secrets

I am trying to use pass-secret-service as the backend for the libsecret dbus API on my system, and I cannot get this to work. I have this in my /etc/nixos/configuration.nix:

  services.dbus.packages = with pkgs; [
    pass-secret-service
  ];

And every application I run that tries to call the libsecret API outputs this error:

The name org.freedesktop.secrets was not provided by any .service files

(Even after a reboot.)

The documentation for the libsecret API seems to be rather sparse, and I cannot find any kind of logging around it to even confirm that the service in the pass-secret-service nixpkg is actually running. Has anyone else had any success with this or a similar setup?

hmmm, bit of arch error, but it seems org.freedesktop.secrets is provided by gnome keyring.

A bit of a quick guess, but do you have that? https://github.com/NixOS/nixpkgs/issues/112914

might have some clues, and it says you can debug dbus with

busctl monitor --user

which may or may not help you, but looks like fun.

gnome keyring is only one provider of org.freedesktop.secrets. (I think the original implementation, actually.) Some comments on that ticket mention this.

busctl looks useful, though. Thanks for mentioning that!

The package does not seem to contain any .service files. Maybe you need to start it manually?

Ah, yes, that’s the problem: upstream provides no .service file, and expects the user to run it manually. (Issue #22 on the upstream GitHub project seems relevant.)

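The two replies above come down to one check: does any activation file declare `Name=org.freedesktop.secrets`? The script below is an added example, not code from the thread or from pass-secret-service. It assumes the standard XDG search path for session-bus activation files (`$XDG_DATA_HOME` and each `$XDG_DATA_DIRS` entry, with `dbus-1/services` appended), and its function names are made up for illustration.

```sh
#!/bin/sh
# Added example: does any D-Bus activation file declare a given bus name?
# Function names are illustrative; nothing here comes from pass-secret-service.

# Print the session bus's conventional activation directories, one per line.
# Assumption: the standard XDG layout. A bus configured with extra
# <servicedir> entries searches more places; pass those to is_activatable.
session_service_dirs() {
    _home="${XDG_DATA_HOME:-${HOME:-}/.local/share}"
    _sys="${XDG_DATA_DIRS:-/usr/local/share:/usr/share}"
    printf '%s\n' "$_home:$_sys" | tr ':' '\n' |
        sed -e '/^$/d' -e 's|/*$|/dbus-1/services|'
}

# list_activations NAME: read directories on stdin and print
# "<file><TAB><Exec value>" for every *.service file containing the exact
# line "Name=NAME" (the usual form, with no spaces around "=").
list_activations() {
    while IFS= read -r _dir; do
        for _file in "$_dir"/*.service; do
            [ -f "$_file" ] || continue        # missing dir or no match
            grep -qxF "Name=$1" "$_file" || continue
            _cmd=$(sed -n 's/^Exec=//p' "$_file" | head -n 1)
            printf '%s\t%s\n' "$_file" "${_cmd:-<no Exec= line>}"
        done
    done
}

# is_activatable NAME [DIR...]: succeed if an activation file for NAME exists
# in DIR... (default: session_service_dirs).
is_activatable() {
    _name=$1; shift
    if [ "$#" -gt 0 ]; then printf '%s\n' "$@"; else session_service_dirs; fi |
        list_activations "$_name" | grep -q .
}

# report NAME: human-readable verdict; always returns 0.
report() {
    if is_activatable "$1"; then
        session_service_dirs | list_activations "$1"
    else
        echo "$1: no activation file found; the bus cannot start a provider," \
             "so one must already be running (started by hand or by a unit)"
    fi
}

report org.freedesktop.secrets
```

To see what a single package ships, pass its `share/dbus-1/services` directory as the second argument to `is_activatable`.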

How did you get org.freedesktop.secrets to work at the end of the day? I’m new to NixOS and I can’t wrap my head around what needs to be done here.

I wrote a NixOS module for pass_secret_service (which is only one of several providers of org.freedesktop.secrets), and added

  services.passSecretService.enable = true;

to my system configuration.

If you want to use a different provider, then I don’t know. Also worth noting that there are some outstanding problems with the spec itself. See xdg-specs/-/issues/75.

Could you post the required configuration options to get it running? I’m banging my head against the wall since nothing seems to work :exploding_head:

# hm.nix
services.pass-secret-service = {
  enable = true;
  package = pkgs.libsecret;
};

That looks like a home-manager config, and I never had success with the home-manager module. I think my issue was that dbus units have to be installed at the system level, so I needed to do this in a NixOS module. The configuration option in my previous post should be all you need besides setting up pass itself. pass_secret_service talks to pass, but you need to have it installed and set up already.

Thanks for letting me know!
I personally only needed this to authenticate with GitHub and I ended up doing it in a different way which circumvents the initial issue with HM:

  1. SSH auth:

Add the contents of ~/.ssh/id_rsa.pub to GitHub as an SSH key. Generate it with:
$ ssh-keygen -t rsa -C "case@sensitive.email"

Verify if it works:
$ ssh -T git@github.com

  2. GPG signing:

Use “RSA and RSA” with 4096 bits keysize
$ gpg2 --full-generate-key

Add the key to GitHub as a GPG key from:
$ gpg2 --list-keys case@sensitive.email | grep pub
$ gpg2 --armor --export keyID

Verify if it works:
$ touch test.tmp && gpg2 -sea -r case@sensitive.email test.tmp

  3. .nix:
# $ git config --list
programs.git = {
  enable = true;
  userName = "case.sensitive.username";
  userEmail = "case@sensitive.email";

  signing = {
    key = null; # GnuPG decides what signing key to use depending on commit’s author details
    signByDefault = true;
  };
};

# Daemon to manage secret (private) keys independently from any protocol
programs.gpg.enable = true;
services.gpg-agent = {
  enable = true;
  enableSshSupport = true;
  pinentryFlavor = "gtk2"; # Hyprland/Wayland
};