Requesting auto-connect for `password-manager-service` (Actioneer GNOME GitHub Actions client)

To make the review of this request easier, the relevant details are below. Additional context follows in each section.


  • name: Actioneer
  • description: Actioneer is a native GTK/libadwaita desktop client for GitHub Actions on Linux (GNOME)
  • snapcraft: actioneer-gtk/snapcraft.yaml at develop · makoni/actioneer-gtk · GitHub
  • upstream: GitHub - makoni/actioneer-gtk
  • upstream-relation: The snap publisher (Spaceinbox) maintains the upstream project
  • interfaces:
    • password-manager-service:
      • request-type: auto-connection
      • reasoning: GitHub OAuth tokens must be stored in the system keyring. Without this plug the snap cannot reach Secret Service, forcing users to run sudo snap connect me.spaceinbox.actioneer:password-manager-service and leaving the app without secure storage.

Why we need the keyring plug

  • GitHub requires tokens to be stored securely. Actioneer relies on the keyring crate (libsecret) to integrate with the host Secret Service.
  • Without the interface the snap has no secure place for tokens; the UI treats the app as offline. We currently have an option to tell users to run:
    sudo snap connect me.spaceinbox.actioneer:password-manager-service
    
    This is a bad UX for first-run.

Security posture

  • The snap declares only this privileged interface.
  • All keyring operations go through the upstream keyring crate with runtime health checks, so we fail gracefully if the service is missing.
  • No extra host capabilities are accessed beyond the desktop Secret Service.

Portal fallback status

  • GNOME 49 introduces org.freedesktop.portal.Secret. Actioneer now includes an env-gated detector (ACTIONEER_ENABLE_SECRET_PORTAL=1) and the following test passes on GNOME 49:
    ACTIONEER_ENABLE_SECRET_PORTAL=1 cargo test storage::secret_portal::tests::detects_secret_portal_when_available -- --ignored
    ...
    test storage::secret_portal::tests::detects_secret_portal_when_available ... ok
  • Most distributions in 2025 (Ubuntu 24.04, Fedora 41) still ship portals without this interface. Until that changes, password-manager-service remains the only reliable way to reach secure storage across our user base.

Request

Please approve auto-connection of password-manager-service for the Actioneer snap. This removes the manual snap connect step and ensures GitHub tokens land in the host keyring. Once the Secret portal is ubiquitous we will flip the env gate and rely on it, but the interface is required today.

Thank you!
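
The env-gated portal detection described in this post, sketched as an added example (not part of the original post and not Actioneer's code). It assumes the caller has already fetched the D-Bus introspection XML of the portal object; all function and type names are hypothetical, and the XML samples are constructed.

```rust
// Added illustration; names below are hypothetical, not Actioneer's code.
use std::env;

const SECRET_PORTAL_IFACE: &str = "org.freedesktop.portal.Secret";
const GATE_VAR: &str = "ACTIONEER_ENABLE_SECRET_PORTAL";

#[derive(Debug, PartialEq)]
enum Backend {
    SecretPortal,  // org.freedesktop.portal.Secret is exported and the gate is set
    SecretService, // host keyring reached through password-manager-service
    Unavailable,   // no secure storage reachable: do not persist tokens
}

/// True if D-Bus introspection XML declares an interface named exactly `iface`.
fn declares_interface(xml: &str, iface: &str) -> bool {
    xml.split("<interface").skip(1).any(|chunk| {
        // Look only inside the opening tag, so method names are never matched.
        let tag = chunk.split('>').next().unwrap_or("");
        tag.split_once("name=\"")
            .and_then(|(_, rest)| rest.split_once('"'))
            .map_or(false, |(name, _)| name == iface)
    })
}

/// The portal is used only when the gate is "1" AND the interface is present.
fn select_backend(gate: Option<&str>, portal_xml: Option<&str>, keyring_ok: bool) -> Backend {
    let portal = gate == Some("1")
        && portal_xml.map_or(false, |x| declares_interface(x, SECRET_PORTAL_IFACE));
    if portal { Backend::SecretPortal }
    else if keyring_ok { Backend::SecretService }
    else { Backend::Unavailable }
}

// Constructed samples of an Introspect reply for /org/freedesktop/portal/desktop.
const SAMPLE_WITH_SECRET: &str = r#"<node>
  <interface name="org.freedesktop.portal.Settings"/>
  <interface name="org.freedesktop.portal.Secret">
    <method name="RetrieveSecret"/>
  </interface>
</node>"#;
const SAMPLE_WITHOUT_SECRET: &str = r#"<node>
  <interface name="org.freedesktop.portal.SecretX"/>
</node>"#;

fn main() {
    let gate = env::var(GATE_VAR).ok();
    println!("{:?}", select_backend(gate.as_deref(), Some(SAMPLE_WITH_SECRET), true));
}
```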

This request has been added to the queue for review by the @reviewers team.

Hey @Makoni

First, connecting to the password-manager-service grants the snap access to all secrets stored in the session keyring. Thus, auto-connection is rarely granted and the user should decide (#voteAgainst).

> Most distributions in 2025 (Ubuntu 24.04, Fedora 41) still ship portals without this interface.

Could you please provide some more context? Unless I’m missing something, the secret portal was introduced in gnome-keyring 3.35.1 (https://gitlab.gnome.org/GNOME/gnome-keyring/-/commit/4010e268e6b88668e4ff017538ec42096057591c). According to that, it should be available in Ubuntu since the 20.04 release (https://launchpad.net/ubuntu/+source/gnome-keyring).