On Sat Feb 14, 2026 at 1:13 AM PST, Mikolaj Kucharski wrote: > On Thu, Feb 12, 2026 at 05:33:32PM +0000, Mikolaj Kucharski wrote: >> >> So far, I experimented with KeepassXC as Secret Service provider and I >> would not use it. >> > > For the context, reason I don't want to use KeepassXC as the Secret > Service provider: > > https://github.com/keepassxreboot/keepassxc/issues/13028
Unless I'm missing something, the controls seem reasonable. https://github.com/keepassxreboot/keepassxc/blob/develop/src/fdosecrets/README.md "The user can specify if a database is exposed on DBus, and which group is exposed." That, right there, you can specify a group in your database that constrains what the secret service can access, and it will only access secret service specific entries anyway. also: "Each entry under the exposed database group has a corresponding FdoSecrets::Item DBus object." Without looking at the code, the actual risks seem (imo) low, but I don't know your threat model. Cheers
