KDE Wallet
KDE Wallet Manager is a tool to manage passwords on the KDE Plasma system. Using the KWallet subsystem allows a user to keep its own secrets, but also allows a user to access passwords stored by every application that integrates with KWallet.
A wallet (in the KDE’s terminology, sometimes called vault or keyring) is an encrypted volume protected by a user-defined password where user and/or software can store secrets (often, credentials when the user checked «Remember the account» in an application). Those vaults can be created and used manually by the user or created and used automatically in the background by some software that integrates with the wallet subsystem (e.g. mail applications or games). Vaults are often decrypted automatically at the user login using a PAM module (see below).
- If you only need to have a wallet available for applications using it, it is suggested to use the default name (i.e. kdewallet ) and the same password as the user (for PAM).
- Wallets are are stored as encrypted files using the .kwl extension in the ~/.local/share/kwalletd directory by default.
Note: Since KDE Frameworks 5.97.0 KDE Wallet supports org.freedesktop.secrets DBus API and can now be used by libsecret for storing and retrieving passwords and other secrets using the Secret Service API.
Installation
KDE Wallet is often shipped with the KDE Plasma desktop environment. The wallet subsystem can be manually installed with the kwallet package.
Optionally install the kwalletmanager package for the wallet management tool. This tool can be used to graphically create and manage a KDE Wallet.
Configuration
Unlock KDE Wallet automatically on login
To unlock KDE Wallet automatically on login, install kwallet-pam for the PAM compatible module. The chosen KWallet password must be the same as the current user password.
- kwallet-pam is not compatible with GnuPG keys, the KDE Wallet must use the standard blowfish encryption.
- When using autologin, the wallet can only be unlocked if the autologin method saves the password. pam_autologin does, for example.
- The wallet cannot be unlocked when using a fingerprint reader to login
- The wallet must be named kdewallet (default name). It does not unlock any other wallet(s).
- If using KDE, one may want to disable Close when last application stops using it in KDE Wallet settings to prevent the wallet from being closed after each usage (Wi-Fi-passphrase unlock, etc.).
- It may be needed to remove the default created wallet first, thus removing all stored entries.
- If the kwallet Migration Assistant asks for a password after every login, rename or delete the ~/.kde4/share/apps/kwallet folder.
Tip: An alternative is to use KWalletManager and set an empty Kwallet-password, thus preventing the need of entering a password to unlock a wallet. Simply do not enter a password on both fields in Change Password... This may however lead to unwanted (read/write) access to the user’s wallet. Enabling Prompt when an application accesses a wallet under Access Control is highly recommended to prevent unwanted access to the wallet.
Configure PAM
The following lines must be present under their corresponding sections:
auth optional pam_kwallet5.so session optional pam_kwallet5.so auto_start
Edit the PAM configuration corresponding to your situation:
- For SDDM no further edits should be needed because the lines are already present in /etc/pam.d/sddm .
- For LightDM no further edits should be needed because the lines are already present in /etc/pam.d/lightdm and /etc/pam.d/lightdm-autologin .
- For GDM edit /etc/pam.d/gdm-password accordingly.
- For greetd edit /etc/pam.d/greetd accordingly.
- For unlocking on tty login (no display manager, or like greetd-tuigreet ), edit /etc/pam.d/login accordingly. You will need to specify the force_run parameter.
/etc/pam.d/login
auth optional pam_kwallet5.so session optional pam_kwallet5.so auto_start force_run
/etc/pam.d/greetd
#%PAM-1.0 auth required pam_securetty.so auth requisite pam_nologin.so auth include system-local-login auth optional pam_kwallet5.so account include system-local-login session include system-local-login session optional pam_kwallet5.so auto_start force_run
Tips and tricks
Using the KDE Wallet to store ssh key passphrases
Set the SSH_ASKPASS environment variable to ksshaskpass and SSH_ASKPASS_REQUIRE to prefer (prefer to use the askpass program instead of the TTY). To set it automatically on each login, create the following environment.d(5) file:
~/.config/environment.d/ssh_askpass.conf
SSH_ASKPASS=/usr/bin/ksshaskpass SSH_ASKPASS_REQUIRE=prefer
Restart your session (i.e. relogin) so that the environment variables take affect.
The first time you try to use an SSH key, you will get asked for its passphrase. Make sure to check the Remember password checkbox. Next time, the passphrase will be read from KDE Wallet.
Using the KDE Wallet to store Git credentials
Git can delegate credential handling to a credential helper. By using ksshaskpass as a credential helper, the HTTP/HTTPS and SMTP passwords can be safely stored in the KDE Wallet.
Configure Git by setting the GIT_ASKPASS environment variable:
~/.config/environment.d/git_askpass.conf
GIT_ASKPASS=/usr/bin/ksshaskpass
Tip: If the SSH_ASKPASS environment variable is set to ksshaskpass, then additionally setting GIT_ASKPASS is not required.
See gitcredentials(7) for alternatives and more details.
Store GPG key passphrases
Native KDE windows can be used to prompt for GPG key passphrases and save them in KDE Wallet.
Configure gpg-agent to use /usr/bin/pinentry-qt .
Enable the Secret Service interface. There are two ways to do this:
- Go to System Settings > KDE Wallet and enable Use KWallet for the Secret Service interface.
- Edit the KDE Wallet configuration file:
~/.config/kwalletrc
[org.freedesktop.secrets] apiEnabled=true
Close the wallet and reopen it to affect these changes. You can do this using kwalletmanager or by issuing commands to Qt D-Bus directly:
$ qdbus org.kde.kwalletd6 /modules/kwalletd6 closeAllWallets $ qdbus org.kde.kwalletd6 /modules/kwalletd6 open kdewallet 0 $0
KDE Wallet for Chrome and Chromium
Chrome/Chromium/Opera has built in wallet integration. To enable it, run Chromium with the —password-store=kwallet5 or —password-store=detect argument. To make the change persistent, see Chromium#Making flags persistent. (Setting CHROMIUM_USER_FLAGS will not work.)
Query passwords from the terminal
Instead of storing passwords in plain text files, you can manually add new entries in your wallet and retrieve them with kwallet-query.
For example, if you want to log into the Docker Hub registry with Podman, which supports getting the passwords from stdin with the —password-stdin flag, you can use the following command to login:
$ kwallet-query -r folder_entry wallet_name -f folder_name | podman login docker.io -u dockerhub_username --password-stdin
This way, your password is not stored in any text file and neither is it stored in the terminal history file.
Unlocking KWallet automatically in a window manager
To unlock KWallet protected by the login password, it is necessary to add
exec --no-startup-id /usr/lib/pam_kwallet_init
to the configuration file of the window manager in addition to configuring PAM.
Disable KWallet
In case you want to permanently disable kwallet:
~/.config/kwalletrc
[Wallet] Enabled=false
Automatic D-Bus activation
Most applications use org.freedesktop.secrets.service D-Bus service. KWallet does not provide a service file for it out of the box.
You can achieve automatic activation by creating such service file:
~/.local/share/dbus-1/services/org.freedesktop.secrets.service
[D-BUS Service] Name=org.freedesktop.secrets Exec=/usr/bin/kwalletd6
See also
- Wikipedia:KWallet
- Unlocking KWallet with PAM
- org.freedesktop.secrets DBus API initial support
disable kwallet kubuntu kde 20.04
I get asked to unlock the keyring (kwallet) every time I open vscode. How do I have the kring work with vscode . I tried disabling kwallet once before and I lost all of my passwords in chrome and network. Normal keyring suggestions just don’t work with kde. I never understood the purpose of keyrings.. it should work with your login and end there. Keyring for vscode works in Gnome but not kde they say. Is there a way to have chrome save my passwords and like my phone does without kwallet? When I was on eOS (ubuntu 18.04) , I just set the password to «» and everything was fine. Is there a way to do that with kwallet?
Bhikkhu Subhuti
asked Jul 26, 2020 at 0:40
Bhikkhu Subhuti Bhikkhu Subhuti
1,252 2 2 gold badges 19 19 silver badges 33 33 bronze badges
2 Answers 2
You can enable and disable the KDE wallet subsystem by doing the following:
- In the Application Launcher, open «KDE Wallet(KDE Wallet Configuration)«
- Uncheck the Box «Enable the KDE wallet subsystem»
- Click «OK«
answered Jul 26, 2020 at 1:46
12.3k 8 8 gold badges 26 26 silver badges 55 55 bronze badges
Now I lost all my passwords. Basically it should remember things when I log in. The keyring can do this and I’m ready to swap out kubuntu because of this wallet thing.
Jul 26, 2020 at 8:42
sorry.. I edited.. the problems like this are usually solved by installing seahorse and setting the password to nothing.. but I’m not clear how to do this for kwallet. If I disable, then I don’t have my passwords for netlogin
Jul 28, 2020 at 1:02
«setting the password to nothing» kdewallet actually works the exact same way. If you don’t enter a master password, you won’t be promoted for it when there is a call for a password stored in the wallet.
Jul 28, 2020 at 4:03
Let me try this tomorrow as well. I did that too and had to reboot and it worked. I’ll edit your answer and mark as solved if okay tomorrow . Much appreciated.. I’ll also inform other places too that complained about this.
Jul 28, 2020 at 12:12
It still asked me for my password this morning. Sometimes it does not ask right away. Maybe there is a way to disable in vscode. The feature is more annoying than it saves me time.. I only need password for when I push to the server which is one out o ten or so opens.
How to disable Kwallet in kde plasma 5? [closed]
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed last year .
The community reviewed whether to reopen this question last year and left it closed:
Original close reason(s) were not resolved
In KDE4 that was quite simple. There was a Kwallet section in System Settings. I’ve tried to remove kwallet package, but plasma depends on it.
asked Apr 12, 2015 at 20:26
user1476061 user1476061
related topic about KF5, ksshaskpass and kwallet on archlinux forum, might help someone.
Jul 22, 2015 at 7:36
9 Answers 9
To disable the KDE wallet:
- Go to the KDE menu.
- Type «wallet», this will show KWalletManager .
- Go to Settings .
- Uncheck Enable the KDE wallet subsystem .
30.4k 22 22 gold badges 136 136 silver badges 168 168 bronze badges
answered Jul 13, 2015 at 10:45
Vincent Vandalon Vincent Vandalon
559 4 4 silver badges 2 2 bronze badges
The question is about kde plasma 5. It does NOT have Kwallet secition in system settings.
– user1476061
Jul 13, 2015 at 15:22
@Alexander It’s not in the system settings, its in kde menu. Just click the start menu and type ‘wallet’, you will see the mentioned application.
Aug 21, 2015 at 6:24
@AdamKowalski There is no such application. Again, we are talking about kde5, not kde4
– user1476061
Aug 21, 2015 at 15:01
@Alexander I have plasma5 and i have mentioned app by default, look here: s16.postimg.org/ia0m6a3r9/kde5_trimmed.png Try to run it from terminal by typing ‘kwalletmanager’. If packet is not installed you should be able to install it from repo and then run it to finally disable that thing.
Aug 24, 2015 at 8:00
works fine on Kubuntu 16.04, where step (4) reads like Enable KWallet system . After logging out and back in, I’m not prompted for its password anymore. Sweet!
Jan 17, 2017 at 10:17
As far as I know, there is no Kwallet section in System Settings. There should be a kwallet service in the taskbar, but I could not find one. Furthermore, I was not able to remove or disable Kwallet entirely. However, I was able to stop the nagging. Here’s what I did:
- Remove or rename the following files: .config/kwalletrc , .kde4/share/apps/kwallet/* and .kde4/share/config/kwalletrc .
- If you are logged into Plasma, log out.
- Log back in. Kwallet will try to nag you to set a password.
- Enter an empty password and ignore the warning that empty passwords are unsafe.
When this wizard has been finished, Kwallet should not be bothering you anymore.
Another note: this workaround is for Plasma 5.X versions up to 5.2. I am not sure about 5.3 and beyond.
answered Apr 29, 2015 at 13:57
derjoachim derjoachim
272 1 1 gold badge 2 2 silver badges 7 7 bronze badges
I can’t get your workaround working with Plasma 5.3.
Jun 22, 2015 at 11:39
to remove the password from the wallet, you can also start the kwalletmanager and then click on »change password«
Nov 17, 2016 at 11:23
You could also edit file ~/.kde/share/config/kwalletrc : adding to [Wallet] section just one line
Enabled=false
would disable kwallet popups.
If you have ~/.config/kwalletrc file, do the same with it.
How to disable KDE Wallet?
I’m using Ubuntu Maverick (Gnome), a month ago I updated like usual whenever Update Manager informed me of new updates. The thing that happened is that a program called kdewallet got installed on my machine, and every time I try to do something that requires password like svn , it pops up and starts getting really annoying. How can I get rid of it? It’s not even in the Synaptic Package Manager.
5,689 4 4 gold badges 32 32 silver badges 45 45 bronze badges
asked Jun 6, 2011 at 8:28
David Weng David Weng
463 1 1 gold badge 4 4 silver badges 6 6 bronze badges
You tagged it «kde», are you using Gnome or KDE? (just to be sure, kde could be a dependency of an other program)
Jun 6, 2011 at 8:48
As far as I know, Ubuntu uses Gnome and Kubuntu uses KDE. Is that right? and I don’t really know why a program called kde-something is running on my computer!
Jun 7, 2011 at 0:29
5 Answers 5
KDE Wallet is a core part of KDE, it’s in the package kdebase-runtime .
To disable it run kcmshell4 kwalletconfig and continue at step 3 or start from the beginning:
- Start System setings
- Open Account Details
- Go to the «KDE Wallet» tab
- Uncheck Enable the KDE Wallet subsystem
- Click Apply to apply the changes and close the settings window.
To get a list of the programs that depends on the kdebase-runtime package, run:
apt-cache --no-enhances --no-suggests --no-recommends --installed rdepends kdebase-runtime
On Ubuntu, the output shows just «kdebase-runtime [newline] Reverse Depends:». On Kubuntu, a whole list follows.
76.7k 33 33 gold badges 191 191 silver badges 313 313 bronze badges
answered Jun 6, 2011 at 8:45
Lekensteyn Lekensteyn
175k 66 66 gold badges 315 315 silver badges 404 404 bronze badges
I can’t find this System settings you’re talking about, I’m using Ubuntu, don’t know if it’s the case in Kubuntu!
Jun 7, 2011 at 0:26
@David Weng: try running the kcmshell4 kwalletconfig command directly. Could you paste the output of apt-cache —no-enhances —no-suggests —no-recommends —installed rdepends kdebase-runtime on paste.ubuntu.com and add that link in a comment?
Jun 7, 2011 at 7:34
This works for some applications but not chrome. I think because there are multiple kwallets floating around. See superuser.com/questions/994551/…
Nov 2, 2015 at 2:30
This doesn’t work anymore in (K)Ubuntu 15.10.
Feb 5, 2016 at 13:34
In Plasma kcmshell5 kwalletconfig5 worked for me.
Oct 4, 2016 at 7:36
I got rid of the «KDE Wallet System» dialog (whenever I started Chrome) as follows:
-
Edit ~/.config/kwalletrc (see note below), and add
[Wallet] Enabled=false
I found this option when I looked through the source code (on kde.org or at the Github mirror).
If putting kwalletrc in ~/.config does not work, then your system probably uses a different directory for storing configuration files. The config file is created in a directory identified by QStandardPaths::GenericConfigLocation , so I used qtpaths to look up the path ( ~/.config = /home/rob/.config in my case):
$ qtpaths --paths GenericConfigLocation /home/rob/.config:/etc/xdg
Note: if you don’t want to completely disable kwallet, but only for Chrome, you can use the —password-store=basic flag as I explained at Disable kwallet popups from chrome. If you start Chrome via a wrapper script or shortcut, I recommend using —password-store=basic in case you need kwallet for something else. I disabled kwalletd instead of using this flag because I develop Chrome, and it’s inconvenient to add this flag all the time when I run ./chrome .
(Tested on ArchLinux, but it should also work on Ubuntu. Use sudo apt-get install qttools5-dev-tools if you want to use qtpaths to find the configuration directory).