quartz/content/10-19 LIFE/13 TECH SETUP/13.13 OS SETUP/Keychain.md

publish, permalink, title, created, modified, tags, cssclasses

publish	permalink	title	created	modified	tags	cssclasses
true	/os/keychain	Keychain	2026-01-29T21:15:48.335-07:00	2026-02-05T12:18:02.157-07:00	security secrets gnome-keyring

GNOME Keyring for managing secrets, SSH keys, and application passwords.

Installation

sudo pacman -S gnome-keyring libsecret seahorse

• gnome-keyring — The keyring daemon
• libsecret — Library for apps to access secrets
• seahorse — GUI for managing keyring

PAM Integration

Automatically unlock keyring on login.

Edit /etc/pam.d/login:

auth       optional     pam_gnome_keyring.so
session    optional     pam_gnome_keyring.so auto_start

For GDM/SDDM, also edit /etc/pam.d/passwd:

password   optional     pam_gnome_keyring.so

Hyprland Integration

Add to ~/.config/hypr/hyprland.conf:

exec-once = gnome-keyring-daemon --start --components=secrets,ssh

Set environment variables in hyprland.conf:

env = SSH_AUTH_SOCK,$XDG_RUNTIME_DIR/gcr/ssh

Or in your shell profile:

export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gcr/ssh"

SSH Key Management

Add key to agent

ssh-add ~/.ssh/id_ed25519

List keys

ssh-add -l

GUI management

Launch Seahorse:

seahorse

Unlocking

If keyring doesn't auto-unlock:

# Manually unlock
gnome-keyring-daemon --unlock

# Or via secret-tool
secret-tool search --unlock xdg:schema org.gnome.keyring.Note

Application Support

Apps using libsecret (most modern apps) will automatically use gnome-keyring. For apps that need explicit setup:

Git credential storage

git config --global credential.helper /usr/lib/git-core/git-credential-libsecret

VS Code

VS Code uses gnome-keyring automatically for settings sync.

Resources

• Arch Wiki: https://wiki.archlinux.org/title/GNOME/Keyring