DISCLAIMER: I cannot judge the design decisions of the Raspberry Pi OS team. Do this at your own risk. No warranty. This is for Bookworm.
I use an OpenVPN connection with my Raspberry Pi 5. When I save the VPN password, I get a dialog asking me to create a keyring by providing a password for it. This password, if it matches the user login password, should automatically unlock the keyring on login. This is guaranteed to happen only when automatic login to the desktop is disabled and you login by entering your password before the desktop is shown. This is the theory, but in Raspberry Pi OS Bookworm that does not happen. I also noticed, related to this, that when a keyring exists and it has a password (which it should always have), Chromium asks for it even if it does not securely stores the user's website passwords on it. This is a nuisance because you have to provide it at least once per session. I noticed then that Chromium, given the password or not, allows the user to view saved websites passwords, a BIG security issue. So I set to see if something could be done. This is my solution; it will configure the desktop to unlock the keyring automatically on login; it will configure Chromium to use the secure GNOME password store; any system credentials stored on the keyring, like my VPN's, will automatically unlock. YOU WILL LOSE ALL YOUR CHROMIUM SAVED PASSWORDS in the process, but all new ones will be encrypted and unreadable if not correctly logged with your desktop password.
sudo apt install libpam-gnome-keyring
sudo nano /etc/pam.d/lightdm
There are two lines in this file that start with a hyphen (-), and mention pam_gnome_keyring. Remove the hyphen on both lines and save the file.
sudo nano /etc/chromium.d/01-libsecret-flags
Add these two lines to the new file and save it:
# Use GNOME libsecret
export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --password-store=gnome-libsecret"
reboot!
When asked to provide a password for the default keyring, be sure to type EXACTLY your user login password, so the keyring will be automatically unlocked on successful login. Configure your Raspberry to disable desktop auto login Reboot again.
I use an OpenVPN connection with my Raspberry Pi 5. When I save the VPN password, I get a dialog asking me to create a keyring by providing a password for it. This password, if it matches the user login password, should automatically unlock the keyring on login. This is guaranteed to happen only when automatic login to the desktop is disabled and you login by entering your password before the desktop is shown. This is the theory, but in Raspberry Pi OS Bookworm that does not happen. I also noticed, related to this, that when a keyring exists and it has a password (which it should always have), Chromium asks for it even if it does not securely stores the user's website passwords on it. This is a nuisance because you have to provide it at least once per session. I noticed then that Chromium, given the password or not, allows the user to view saved websites passwords, a BIG security issue. So I set to see if something could be done. This is my solution; it will configure the desktop to unlock the keyring automatically on login; it will configure Chromium to use the secure GNOME password store; any system credentials stored on the keyring, like my VPN's, will automatically unlock. YOU WILL LOSE ALL YOUR CHROMIUM SAVED PASSWORDS in the process, but all new ones will be encrypted and unreadable if not correctly logged with your desktop password.
sudo apt install libpam-gnome-keyring
sudo nano /etc/pam.d/lightdm
There are two lines in this file that start with a hyphen (-), and mention pam_gnome_keyring. Remove the hyphen on both lines and save the file.
sudo nano /etc/chromium.d/01-libsecret-flags
Add these two lines to the new file and save it:
# Use GNOME libsecret
export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --password-store=gnome-libsecret"
reboot!
When asked to provide a password for the default keyring, be sure to type EXACTLY your user login password, so the keyring will be automatically unlocked on successful login. Configure your Raspberry to disable desktop auto login Reboot again.
Statistics: Posted by ottod — Sat May 17, 2025 4:38 am — Replies 0 — Views 40