sbx: document Linux keychain fallback for headless hosts#25232
Conversation
On Linux without a running Secret Service (headless servers, some WSL setups), sbx falls back to an encrypted on-disk store instead of the OS keychain. Document where secrets are stored per platform in the credentials page and add a headless-Linux FAQ entry. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
docker-agent
left a comment
docker-agent
left a comment
There was a problem hiding this comment.
Assessment: 🟢 APPROVE
The added content is well-structured and clearly documents the Linux keychain fallback behavior. No critical issues found — no vendored content, no missing redirects, no broken commands or incorrect facts. Cross-linking between faq.md and credentials.md uses correct relative paths and anchor fragments. Only minor style-guide items noted below.
| On Linux hosts without a running Secret Service — headless servers and some | ||
| WSL setups — `sbx` falls back to an encrypted file under your user config | ||
| directory (`$XDG_CONFIG_HOME/com.docker.sandboxes`, usually | ||
| `~/.config/com.docker.sandboxes`). The fallback is automatic and needs no |
There was a problem hiding this comment.
[LOW] Parentheses used in technical documentation
The Docker style guide says to avoid parentheses in technical documentation as they reduce readability. Consider inlining the default path directly:
$XDG_CONFIG_HOME/com.docker.sandboxes(usually~/.config/com.docker.sandboxes)
Could be rewritten as:
$XDG_CONFIG_HOME/com.docker.sandboxes, which defaults to~/.config/com.docker.sandboxeswhen$XDG_CONFIG_HOMEis unset
|
|
||
| - macOS: the system Keychain. | ||
| - Windows: the Windows Credential Manager. | ||
| - Linux: the Secret Service exposed by your desktop keyring, such as GNOME |
There was a problem hiding this comment.
[LOW] Non-parallel list items: Linux entry spans multiple sentences while macOS/Windows entries are single sentences
The macOS and Windows list items are each a single sentence, but the Linux item contains two sentences. For parallel structure, consider splitting the second sentence into a follow-up note or consolidating:
- Linux: the Secret Service exposed by your desktop keyring, such as GNOME Keyring or KDE Wallet.
Then cover the Ubuntu package detail in prose below the list.
| Yes. On Linux, `sbx` stores secrets in the Secret Service exposed by your | ||
| desktop keyring (GNOME Keyring or KDE Wallet). Headless servers and some WSL | ||
| setups have no running Secret Service, so `sbx` falls back to an encrypted file | ||
| under `$XDG_CONFIG_HOME/com.docker.sandboxes` (usually |
There was a problem hiding this comment.
[LOW] Parentheses used in technical documentation
Same parentheses pattern as in credentials.md (line 77). The style guide advises avoiding parentheses in technical docs. Consider:
$XDG_CONFIG_HOME/com.docker.sandboxes, which defaults to~/.config/com.docker.sandboxeswhen$XDG_CONFIG_HOMEis unset
akristen
left a comment
akristen
left a comment
There was a problem hiding this comment.
non-blocking nit: but our faq docs titles tend to be the plural faqs rather than faq.
3 participants
Summary
On Linux hosts without a running Secret Service (headless servers, some WSL setups),
sbxfalls back to an encrypted on-disk store instead of the OS keychain. This documents where secrets are stored per platform in the credentials page and adds a headless-Linux FAQ entry.Note
This documents behavior from the unreleased PR docker/sandboxes#3231. Hold merge until that change ships. Opened as a draft for that reason.
Learnings
Closes #linkage.Generated by Claude Code