Password-manager-service not working with node-keytar

Thomas101 · February 2, 2018, 9:02am

I’ve been trying to store app passwords using node-keytar in our electron app. I added password-manager-service to our snap plugs and libsecret-1-0 to our stage-packages thinking this would be enough, but we’re getting an app armour denial with the suggestion of adding password-manager-service.

= AppArmor =
Time: Feb 2 00:54:16
Log: apparmor=“DENIED” operation=“dbus_method_call” bus=“session” path="/org/freedesktop/secrets" interface=“org.freedesktop.Secret.Service” member=“SearchItems” mask=“send” name=":1.3" pid=2948 label=“snap.wavebox.wavebox” peer_pid=1848 peer_label=“unconfined”
DBus access
Suggestion:

try adding ‘password-manager-service’ to ‘plugs’

This is with snap 2.30 and ubuntu 16.04. Not tried it on any other distributions as yet.

Is there any way to confirm that the password-manager-service plug is being set (although I’m 99% sure it is - but just in case) and where to start with the error?

Thanks very much!

ogra · February 2, 2018, 5:49pm

did you actually connect the password-manager-service interface after you added support for it to your snap ? (i dont think thats an auto-connecting interface)

Thomas101 · February 2, 2018, 8:44pm

I wasn’t aware that was a thing. I know this a complete newbie question, but do you know of any links/examples/docs that might help me get running with this? I couldn’t find anything solid after Googling.

ogra · February 2, 2018, 10:52pm

snap interfaces

…lists all available interfaces

snap connect <snapname>:<plugname>

… connects your application to the provided slot for the plug …
i.e. if you install the htop snap you do the following

snap install htop
snap connect htop:system-observe
snap connect htop:process-control

… now you can use htop normally (without the interfaces it only shows its own process and the shell that spawned it)

if you want more detailed info about an interface and what it does, there is the “snap interface” command:

$ snap interface system-observe
name:    system-observe
summary: allows observing all processes and drivers
plugs:
  - htop
slots:
  - core

and last but not least you can indeed disconnect a connected plug from the slot with the “snap disconnect” command …

Thomas101 · February 5, 2018, 9:27am

Awesome, thanks for the detailed explaination it really helps!