Support for org.freedesktop.secrets was added in https://invent.kde.org/frameworks/kwallet/-/merge_requests/11
The original description is left for reference below
https://mail.kde.org/pipermail/plasma-devel/2016-July/055641.html
KWallet plays a central role in Plasma and many KDE applications as the central password storage. However, it being very old and not having been actively developed for a long time, it has lots of problems, including:
- It has weak security, as it does not restrict applications accessing it by default, and even when it does, it does so simply based on application name which allows any malicious process to impersonate an allowed one
- The initial setup has huge usability problems, as it forces users to make a choice on a very advanced technical level (encryption methods, no less!), and the option it suggests (GPG) is a nightmare to set up for ordinary users
- It does support unlocking via PAM, but does not tell users what they need to do to make that work, which results in most users having to enter the KWallet password at each system start, which many find very annoying (we get lots of negative feedback for that)
- It works only with KDE Frameworks-based applications
- One cannot easily write a QML GUI for it, making it unsuitable for mobile
Valentin has been working on KSecretService for quite a while, which is based on the freedesktop Secrets API [1] that is also supported in GNOME Keyring, and would solve many (and ideally all) of the above problems. However, Valentin told me he does not have the time to work on KSecretService any more.
This means we have to find a solution to these problems. The options I see currently are- Improve KWallet (unlikely to fix all the problems without massive changes in it, though)
- Find someone to finish and maintain KSecretService
- Build a wrapper around one of the other existing keyring technologies
- Each application (and each Plasma component that stores passwords) implements its own encrypted password storage
- We make encrypted password storage optional and non-default (easiest solution, but not exactly in line with KDE's vision)
Adding some more:
- kwallet dialog allows keyloggers on X11 (in defence of KWallet, I only know of pinentry which handles this properly at the cost of severely degraded user experience)
- kwallet does not protect against ptrace (I didn't add the protection, due to the keylogger rendering it point less)
- kwallet dialog windows sometimes are placed at the bottom of the stack due to focus stealing prevention (this happens for example with akonadi/other daemons)
- kwallet shows total giberish like "kded requested to open the wallet"
- if one doesn't unlock the wallet fast enough applications start asking for the password. So getting a coffee while desktop starts results in thousands of password windows.
https://specifications.freedesktop.org/secret-service/latest/
https://phabricator.kde.org/project/view/26/
https://phabricator.kde.org/source/ksecrets/
https://forum.kde.org/viewtopic.php?f=15&t=156925
https://bugs.kde.org/show_bug.cgi?id=313216
https://www.reddit.com/r/kde/comments/d8tjln/is_there_a_orgfreedesktopsecrets_implementation/