Login Keyring did not get unlocked - Hyprland

JohnRTitor · March 5, 2024, 9:44pm

I am using Hyprland setup with NixOS.
When I open VS code after boot for the first time, I get a confirmation popup to enter my password. The reason being “The login keyring did not get unlocked.”
Is there a fix for this? It should automatically do it, no?
I am not even using a different password for the keyring.

I am using Gnome-Keyring with libsecret if that helps.

don.dfh · March 6, 2024, 8:50pm

Yeah I observed this too.

From memory the behaviour was different in the past, my gnome-keyring used to (at least that’s my current explanation) be unlocked at startup.

willbush · March 11, 2024, 2:25am

Do you have the following set?

  # unlock keyring on login
  security.pam.services.greetd.enableGnomeKeyring = true;

Note this assumes a greetd setup.

JohnRTitor · March 11, 2024, 4:36pm

I am using GDM as my login manager.

security.pam.services.gdm.enableGnomeKeyring = true;

I have this set in my configuration, but it doesn’t work for some reason.

willbush · March 15, 2024, 8:27am

Does ps aux | grep gnome-keyring-daemon show something like /run/wrappers/bin/gnome-keyring-daemon --start --foreground --components=secrets? I’m using the service services.gnome.gnome-keyring.enable to start it up for me. Just wanted to verify it’s running.

JohnRTitor · March 16, 2024, 8:29am

Here’s the output after running the command:
ps aux | grep gnome-keyring-daemon:

masum       5471  0.0  0.0   6412  2596 pts/0    S+   13:57   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox gnome-keyring-daemon

After unlocking the keyring:

masum       5849  0.0  0.0 458544  9344 ?        SLl  13:57   0:00 /run/wrappers/bin/gnome-keyring-daemon --start --foreground --components=secrets
masum       7260  0.0  0.0   6412  2628 pts/0    S+   14:03   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox gnome-keyring-daemon

willbush · March 16, 2024, 6:05pm

Do you have services.gnome.gnome-keyring.enable = true; in your config? If not, try adding that.

JohnRTitor · March 16, 2024, 6:12pm

I have the following in my configuration, still the same issue.:

  services.gnome.gnome-keyring.enable = true;
  programs.seahorse.enable = true; # enable the graphical frontend
  environment.systemPackages = [ pkgs.libsecret ]; # libsecret api needed
  security.pam.services.gdm.enableGnomeKeyring = true; # load gnome-keyring at startup

The problem is, it sometimes works and sometimes doesn’t. I don’t know what is the trigger/cause of it to stop unlocking it automatically during login.

JohnRTitor · March 25, 2024, 7:06pm

Found out the actual problem. The login shell runtime dir was not properly set at gdm startup.
So set

  environment.variables.XDG_RUNTIME_DIR = "/run/user/$UID"; # set the runtime directory

which unlocks the keyring properly every time now.
Full config is here.

From journalctl -b | grep gkr-pam:

Mar 26 00:28:17 Ainz-NIX gdm-password][3065]: gkr-pam: unable to locate daemon control file
Mar 26 00:28:17 Ainz-NIX gdm-password][3065]: gkr-pam: stashed password to try later in open session
Mar 26 00:28:17 Ainz-NIX gdm-password][3065]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring

don.dfh · May 4, 2024, 12:39am

Thanks for finding this a while back, it really helped me solving the issue.

As of todays update, my logs show

May 03 23:58:58 aitutaki sddm-helper[2679]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring
May 04 00:06:35 aitutaki gnome-keyring-daemon[3700]: couldn't access control socket: /run/user/31337/keyring/control: No such file or directory

and my gnome-keyring remains locked after startup.

JohnRTitor · May 29, 2024, 4:55pm

Try with:

  security.pam.services.gdm-password.enableGnomeKeyring = true;

simply using gdm/login there won’t work because GNOME keyring is supposed to be unlocked as part of gdm-password service.

guttermonk · October 23, 2024, 5:25am

Having this issue after switching from 24.05 to unstable.

Already have:

services.gnome.gnome-keyring.enable = true;
security.pam.services.greetd.enableGnomeKeyring = true;
environment.variables.XDG_RUNTIME_DIR = "/run/user/$UID";

What would be the equivalent of security.pam.services.gdm-password.enableGnomeKeyring = true; for greetd?

I tried security.pam.services.greetd-password.enableGnomeKeyring = true; but that didn’t work.

Here’s the error message I’m getting: “The application ‘Brave’ has requested to open the wallet ‘Default keyring’. Please enter the password for this wallet below.”

niksingh710 · February 13, 2025, 7:41am

I am using uwsm to login directly, not using any login manager.
also utilising impermanence setup still the issue remains for me.
is this not resolvable without gdm?

guttermonk · March 15, 2025, 10:45pm

FWIW, I was able to fix my issue by changing my Brave Browser startup command to:
brave --password-store=gnome-libsecret