I’m little bit tired of keyring passwords prompt popups from every VM in which I want to use chromium/chrome, skype etc. I start thinking about using KeePassXC secret service integration with qubes-rpc services. Idea is to create separate group for each VM secret service in vault VM and then share it (only separate group for each VM) somehow using qubes-rpc service to KeePassXC instances configured as secret service agents in that VMs. Is it possible using keeshare or some keepass proxy?
Hmm, after some rethinking I think that should be done mostly as qubes-rpc for security reasons. So it should just proxing secret agent calls to “vault” VM in which it should be splited into separate keyrings/KeePassXC groups. Unfortunately it looks like it exceeds my knowledge of Linux internals to script it properly (and securely).
Maybe this could be related?
I saw it but it is about network integration that probably use some other API, but I will read it and check if it can be helpful. I also thinking of abusing split-gpg but I can’t find any info if gpg2 can be used to handle other secret service agent calls then gpg and ssh. If it possible it will be the best solution. Also I can just force chromium/chrome to use default password for builtin password manager which I don’t use. But I’m not sure if it use that secret only for storing passwords in password manager, and other apps like skype seems to use gnome-keyring for storing secrets that I use.