Similarly to 1Password, Bitwarden Desktop makes use of libsecret to store session authentication tokens. (Specifically, session tokens for authenticating to the server). Note: This is not for storing user vault data, or keys that can unlock vault data. The intent is not to store passwords from the application into the keyring. Instead, it is to - instead of writing auth tokens to disk - storing them in the keyring.
From what I’m told, libsecret should automatically perform sandbox mediation on a new enough versions of the XDG portals that renders this obsolete, as the API’s should transparently change to allow your snap to see its own secrets but not other apps secrets. (Although other apps can still see yours, assuming they’re not also sandboxed).
I’ve not entirely confident how this works in practise but I’d love to know because I think the Joplin V3.1 release I need to package imminently has updates that might allow the same mechanism to work. So assuming no one chimes in sooner, I might be able to offer some advice on that soon.
Makes sense. Not sure about the libsecret version, since the snap base image is still somewhat old. I’m thinking about just dropping libsecret and switching to oo7 anyways, which should use the secrets portal, which as I understand is supported out of the box in snap (and flatpak)?
Feel free to discard the request for the autoconnect, and thank you for the feeback!