Login Keyring did not get unlocked - Hyprland

I am using Hyprland setup with NixOS.
When I open VS code after boot for the first time, I get a confirmation popup to enter my password. The reason being “The login keyring did not get unlocked.”
Is there a fix for this? It should automatically do it, no?
I am not even using a different password for the keyring.

I am using Gnome-Keyring with libsecret if that helps.

2 Likes

Yeah I observed this too.

From memory the behaviour was different in the past, my gnome-keyring used to (at least that’s my current explanation) be unlocked at startup.

2 Likes

Do you have the following set?

  # unlock keyring on login
  security.pam.services.greetd.enableGnomeKeyring = true;

Note this assumes a greetd setup.

I am using GDM as my login manager.

security.pam.services.gdm.enableGnomeKeyring = true;

I have this set in my configuration, but it doesn’t work for some reason.

Does ps aux | grep gnome-keyring-daemon show something like /run/wrappers/bin/gnome-keyring-daemon --start --foreground --components=secrets? I’m using the service services.gnome.gnome-keyring.enable to start it up for me. Just wanted to verify it’s running.

Here’s the output after running the command:
ps aux | grep gnome-keyring-daemon:

masum       5471  0.0  0.0   6412  2596 pts/0    S+   13:57   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox gnome-keyring-daemon

After unlocking the keyring:

masum       5849  0.0  0.0 458544  9344 ?        SLl  13:57   0:00 /run/wrappers/bin/gnome-keyring-daemon --start --foreground --components=secrets
masum       7260  0.0  0.0   6412  2628 pts/0    S+   14:03   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox gnome-keyring-daemon

Do you have services.gnome.gnome-keyring.enable = true; in your config? If not, try adding that.

I have the following in my configuration, still the same issue.:

  services.gnome.gnome-keyring.enable = true;
  programs.seahorse.enable = true; # enable the graphical frontend
  environment.systemPackages = [ pkgs.libsecret ]; # libsecret api needed
  security.pam.services.gdm.enableGnomeKeyring = true; # load gnome-keyring at startup

The problem is, it sometimes works and sometimes doesn’t. I don’t know what is the trigger/cause of it to stop unlocking it automatically during login.

Found out the actual problem. The login shell runtime dir was not properly set at gdm startup.
So set

  environment.variables.XDG_RUNTIME_DIR = "/run/user/$UID"; # set the runtime directory

which unlocks the keyring properly every time now.
Full config is here.

From journalctl -b | grep gkr-pam:

Mar 26 00:28:17 Ainz-NIX gdm-password][3065]: gkr-pam: unable to locate daemon control file
Mar 26 00:28:17 Ainz-NIX gdm-password][3065]: gkr-pam: stashed password to try later in open session
Mar 26 00:28:17 Ainz-NIX gdm-password][3065]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring