Summary of "This One Annoying Linux Problem Is Finally Ending"

Quick summary

This video explains work to reduce intrusive desktop “wallet”/keyring pop‑ups (GNOME Keyring, KWallet, etc.) by standardizing on the Secret Service DBus API so apps and different providers can interoperate. The changes aim to make secret storage seamless for users while enabling a migration path for legacy systems and apps.

Problem

Desktop keyring/wallet pop‑ups are frequent, poorly explained, and intrusive.
Users often disable the wallets or complain about repeated password prompts and session freezes.
Different desktops and apps use different secret stores, producing inconsistent behavior and multiple prompts.

What these wallets do

Store secrets such as SSH keys, browser/password store keys, and app credentials.
Provide a secure backend for apps and services to read/write secret data.

Technical fix

Adopt the cross‑desktop Secret Service DBus API as a single standard interface.
- This lets different providers (KWallet, gnome‑keyring, KeePassXC, oo7, etc.) interoperate.
- Apps can use a single API rather than bespoke code for each provider.

Libraries and integration

QtKeychain
- Recommended for KDE/Qt apps to use Secret Service on Linux and native key stores on Windows/macOS/Android.
- Enables cross‑platform secret storage without custom per‑platform code.
KWallet refactor
- Split KWallet into a KWallet‑compatibility layer and a Secret Service backend (KSecretD).
- Decouples the legacy KWallet API from the actual secret storage backend and provides a transparent migration path.
oo7
- A new Rust Secret Service provider intended to be lightweight and cross‑desktop.
- Designed to integrate natively with the environment and expect the desktop to supply native prompt UI (e.g., portals).

User experience goals

Make secret storage invisible by default:
- Automatically unlock on login (tied to the user password).
- Avoid first‑time blocking prompts.
Provide native‑looking password dialogs by integrating with the environment so prompts don’t feel alien when a component from a different toolkit is used.

Current status and caveats

KWallet can expose a Secret Service‑compatible interface; Plasma includes these changes (available in Plasma 6.6 and later).
A new client app (referenced as KeepSecret or similar) is in development to view/manage secrets across any Secret Service provider with a modern, mobile‑styled UI.
Migration pitfalls:
- During transition, different apps/providers may store secrets in different locations.
- Credentials can be lost unless migration/compatibility code is provided.
- Some third‑party apps may remain tied to old KWallet APIs for a long time.
Ongoing work:
- Port remaining apps to QtKeychain.
- Finish integration hooks.
- Track outstanding issues in a public tracking list.

Practical takeaways — what users can do now

Instead of disabling wallets, create a wallet and reuse your account password so it unlocks automatically and prompts stop.
If you want the newer UI, look for KeepSecret or similar packages (some distributions have packages such as an Arch package).
Expect gradual improvements in Plasma and KDE apps; full seamless behavior requires apps to be ported to the Secret Service/QtKeychain stack.

Sources / main speakers referenced

Nate Graham (PointiestStick) — KDE developer and frequent commentator on KWallet/Secret Service work.
KDE blog posts and tracking issues about migrating KWallet to Secret Service, KSecretD, and the new client app.
oo7 project — Rust Secret Service provider being integrated with Plasma.
QtKeychain — recommended API/library for apps to use Secret Service and native keyrings.
Mentioned providers: KWallet, gnome‑keyring, KeePassXC.
The video narrator/presenter summarizing and commenting on the developments.