When it comes to managing passwords, there are several options available to you. Kubuntu Focus computers come with a couple of these pre-installed, but there are several others that you can find throughout the web.
Please read the disclaimer before proceeding. We review and update guided solutions like this regularly. If you have suggestions or requests, please write support@kfocus.org.
KDE Wallet is the default password manager on Kubuntu systems. It stores passwords completely encrypted and unlocks upon login. All KDE applications integrate with this password manager, and it stores Wi-Fi passwords, file manager passwords, and other system passwords. It can also integrate really well with Google Chrome and other browsers.
By default, the KDE Wallet master password is the same as your user password. For this reason, if you ever change your user password, your KDE Wallet password will no longer unlock automatically upon login. Fixing this is as easy as adjusting the wallet settings:
System Settings > Account Settings
Wallet Preferences
, make sure [x] Enable the KDE Wallet Subsystem
is selectedLaunch Wallet Manager
Wallet Manager
app appears, click on the top-right button labeled Change Password...
Some apps that typically require gnome-keyring need libsecret
capability. Recent versions of kwallet reportedly provide this capability through the qbus |grep -i secret
. This shows org.freedesktop.secrets service. One can inspect these services using sudo apt install qttools5-dev-tools && qdbusviewer
. However, since we use KeePassXC as our cross-platform password manager, we use it instead as described below.
KeePassXC is a cross-platform, sync-able, decentralized password management solution. It has plugins for Chrome (and other Chromium-based browsers), Firefox, and Android clients. We highly recommend this password solution. For many, it’s a great alternative to commercial services like LastPass and 1Password.
Important: if you are using the Thunderbird snap (the default), then you will need to make adjustments as shown in the Browsers Guided Solution.
Some apps that typically require gnome-keyring can use KeePassXC instead. Tested examples include VSCode Settings Sync
and Fortinet Client
. The key is to enable libsecret
capability. The steps below are from this answer:
sudo apt install libsecret-tools
). This provides the secret-tool
command.Tools > Settings > Secret-Service-Integration
and check the Enable KeePassXC Freedesktop.org Secret Service Integration
and click Ok
.Tools > Settings > Secret-Service-Integration
, click the General
tab, and then in the Exposed Database Groups
table, click the small pencil icon next to the database you want to host the secrets. This will show the Database Settings
dialog, which has a Secret Service Integration section. Click on Secret Service Integration
and then check the Expose entries under this group
radio option. Select the group you created in the second step, and click Ok
.secret-tool store --label='Created from cli' account test
, and then enter your desired password. You should be able to see this new credential in KeePassXCSome forum posts recommend installing Gnome Keyring; however, this can interfere with the KWallet subsystem. For this reason, we strongly recommend you try to use KeePassXC instead.
KeePassXC’s database file can be stored on a cloud drives with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud, or similar tool. This is required to synchronize across multiple devices. To learn more, visit the KeePassXC website documentation. In April 2023, the KeePassXC team released a reassuring security audit which we also encourage you to review.
Decentralized browser-based solutions exist as well, such as ownCloud and Nextcloud. These solutions require your own web server and adding the respective password management apps to the ownCloud and Nextcloud instances you run on those servers. For more information on these, see the links to the respective solutions.
Content will be added as needed.
This is a partial revision history. See the git
repository for all entries.
2023-06-28 e4a03c44
Include KeePassXC audit link2023-06-09 beb8e0bc
Add Fortinet advice, qdbusviewer2022-03-21 06240af7
Add KeePassXC libsecret advice2021-10-10 5728326e
Reformat to 2-column2021-09-22 dc862884
Update link and headline colors2021-08-23 681261b4
Review and update codeblocks2021-07-27 9e6157ce
Update KWallet advice2021-06-18 13c5e182
First publicationWe try hard to provide a useful solution validated by professionals. However, we cannot anticipate every situation, and therefore cannot guarantee this procedure will work for your needs. Always backup your data and test the solution to determine the correct procedure for you.
THIS SOLUTION IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOLUTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.