Freedesktop.org Secret Storage Spec Server Side API

This plugin implements the Secret Storage specification version 0.2. While running KeePassXC, it acts as a Secret Service server, registered on DBus, so clients like seahorse, python-secretstorage, or other implementations can connect and access the exposed database in KeePassXC.

Configurable settings

The user can specify if a database is exposed on DBus, and which group is exposed.
Whether to show desktop notification is shown when an entry's secret is retrieved.
Whether to confirm for entries deleted from DBus
Whether to confirm each entry's access

Implemented Attributes on Item Object

The following attributes are exposed:

Key	Value
Title	The entry title
UserName	The entry user name
URL	The entry URL
Notes	The entry notes
TOTP	The TOTP code if the entry has one

In addition, all non-protected custom attributes are also exposed.

Implementation

FdoSecrets::Service is the top level DBus service
There is one and only one FdoSecrets::Collection per opened database tab
Each entry under the exposed database group has a corresponding FdoSecrets::Item DBus object.

Signal connections

Collection here means the Collection object in code. Not the logical concept "collection" that the user interacts with.

Collections are created when a corresponding database tab opened
If the database is locked, a collection is still created
When the database is unlocked, collection populates its children
If the unlocked database's exposed group is none, collection deletes itself
If the database's exposed group changes, collection repopulates
If the database's exposed group changes to none, collection deletes itself
If the database's exposed group changes from none, the service recreates a collection