Recently Tube Converter has got a feature of storing credentials in a database, for downloading media files from websites that require a login. This database is encrypted with randomly generated password that is stored in default keyring using DBus Secret Service.
That’s why, the
password-manager-service plug is needed to talk with the DBus and generate these random passwords.
As per recent requests for
password-manager-service, the following advice applies:
When connecting the password-manager-service, your snap is able to access all stored secrets, but also your snap’s secrets can be accessed by any other applications with access to the service (including snaps which also have the password-manager-service connected). Since this may not be desirable or obvious to users, in general, we discourage auto-connection of password-manager-service and instead suggest that applications using this interface detect its availability (eg, with snapctl is-connected password-manager-service) and show a dialog with instructions on how to connect the interface manually (eg, with snap connect, the snap store GUI, etc). Ideally when instructing the user, the details of the access will be explained so the user can make an informed choice. While this is an extra step for the user, if done well the process should provide additional trust that your snap and the system as a whole are working together to keep the user’s passwords secure. Alternatively, the snap may choose to store the secrets outside the keyring in an area private to the snap.
-1 to auto-connect.
@dclane as I am advised by you before, I can understand the concern. But the issue is, this app needs it, as it allows the users to download videos from password-protected sites. The credentials are stored encrypted. Now, this can be done using portals, but it’s currently limited to
gnome-keyring only. It hasn’t yet been implemented in kde’s
kwallet. So, if we use portals, the guys using kde, will be left out.
Now coming to the manually done by user method. Can a normal user really understand this? If such a popup, with the command written in it comes up, almost big chunk of a people will paste it in the terminal as it is, without even them understanding it properly. Also, why should a normal user, who’s gonna install from a graphical store, need to do tasks specific for power users? I hope I am able to make you understand our POV. This same kind of issue also came up with Telegram. But, as I am actively involved in the development of this app, I can assure you that we’ll switch to portals, as soon as, kde implements it.
I agree with @dclane. In case of connecting to the
password-manager-service interface, secrets can be potentially accessed by any other snaps which also have the
password-manager-service connected and it might not be ideal and/or trivial to users.
As a result, we discourage
auto-connection of this interface and suggest to provide the user with a prompt in order to see if they are willing to connect the interface manually. This will surely let the user to make an informed decision in the situation.
Therefore, -1 from me as well.
Understood, however this does not negate the concerns we’ve listed above. I presume the snap can still function with a user manually adding their credentials? Also, using the
snap connect would work, and it’s not the only way: the permissions can also be updated through the store UI.
No, it’s a keyring function, within the app, which needs to be enabled in the app. Without that plug, in it’s current implementation, the app can’t work. And as said before, KDE still doesn’t support the dbus method.
So just pop up a kdialog message asking the user to manually connect from a command-chain script…
We must remember the difference between allowing a connection at all, and an automatic connection. The snap can still function with a manual connection. This would be consistent with other packages needing to use the
We are considering other factors. Thanks for the input. The only problem is new snap-store doesn’t have the plugs option any more. Again that’s a temporary problem. Should I raise a feature request for it?
0 vote for, 2 against. Not granting
What do you mean by new snap-store?
Snap Store from channel