EDIT:

This is just secure if your threat model is “having synced passwords, maybe on unencrypted cloud storage”.

Kwallet is not secure, it can easily be read by any program. I stopped using this method myself as it is unnecessarily insecure.


original post
  1. Open “KWalletManager”
  2. If not existent, create a new folder called “Passwords” by clicking on the clear area and then “New”
  3. Open that folder, in here you find multiple folders, one is called “Passwords” in your systems language
  4. Right click the “Passwords” subfolder and press “new”
  5. Name the entry for example “Keepass”, click on the entry and “show content”, enter your Keepass Password
  6. Create an Appstarter for quick-opening your password storage!

You can create an App Desktop Entry like this, open your Terminal and enter:

When using KeepassXC Flatpak:

cat > ~/.local/share/applications/keepassxc-unlock.desktop <<EOF
[Desktop Entry]
Name=Keepass-unlock
Comment=Unlock your KeepassXC vault
Exec=kwallet-query -r KeepassXC kdewallet | /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=keepassxc --file-forwarding org.keepassxc.KeePassXC --pw-stdin ~/passwords.kdbx
Icon=emblem-encrypted-unlocked
Type=Application
EOF

When using a native package:

cat > ~/.local/share/applications/keepassxc-unlock.desktop <<EOF
[Desktop Entry]
Name=Keepass-unlock
Comment=Unlock your KeepassXC vault
Exec=kwallet-query -r KeepassXC kdewallet | keepassxc --pw-stdin ~/passwords.kdbx
Icon=emblem-encrypted-unlocked
Type=Application
EOF
  • Pantherina@feddit.deOP
    link
    fedilink
    arrow-up
    3
    ·
    10 months ago

    In that case Kwallet needs to be fixed. If kwallet is safe, this is safe.

    But you can decide how a tool can be safe that allows to extract passwords just like that.

    • BaalInvokerA
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      10 months ago

      But you just made the use of password manager pointless.

      The point of a password manager is to use as a vault that opens only when you type your password, retrieve what you need and then lock it again.

      Keeping it open always is unsecure, cause once your system or kwallet is exploited, your password will be exposed immediatly.

      Anyway, if you wanna use Kwallet as your vault, it’s much safer using KeepassXC native function Secret Agent.

    • Baŝto@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      8 months ago

      Well, finding and reading this file definitely takes some effort, but an attacker can get your passwords that way as long as kwallet is unlocked.

      They just need to run kwallet-query -r KeepassXC kdewallet to get the password and then download ~/passwords.kdbx