Mounting on login with KDE Wallet
To automatically mount an encrypted folder at user login, KDE users can use KDE Wallet to store gocryptfs passwords. There are several steps to achieve this.
KDE Wallet and KDE Wallet Manager (GUI) should be installed when KDE Desktop is installed. To use KDE Wallet, the KDE Wallet subsystem should be enabled and the user should be logging in to the KDE desktop.
PAM unlocks only the default wallet, kdewallet, on login, and the wallet password should be set identical to the user login password. Note that only a password login (which passes the wallet secret) can unlock the wallet; biometric login and autologin cannot.
To unlock KDE Wallet at login, these lines should be present in the relevant PAM settings:
auth optional pam_kwallet5.so
session optional pam_kwallet5.so auto_start
The relevant file depends on the login manager used, such as:
- /etc/pam.d/sddm for SDDM
- /etc/pam.d/gdm-password for GDM
- /etc/pam.d/lightdm for LightDM
- /etc/pam.d/login (the session part should be set to pam_kwallet5.so auto_start force_run)
The files might differ between distributions; consult the distribution's documentation, such as the KDE Wallet page on the Arch Linux Wiki.
Store the password (key gocryptfspass in the default folder Passwords is used in this example):
- Using KDE Wallet manager (kwalletmanager):
  - Expand the relevant folder (Passwords)
  - Under the folder, right click on Passwords and select New
  - Enter the label (gocryptfspass)
  - Click Show Contents and type your gocryptfs password
  - Click Save
- Using CLI:
echo "YOUR_PASSWORD_HERE" | kwallet-query -f Passwords -w gocryptfspass kdewallet
Now the stored password can be accessed using
kwallet-query -f Passwords -r gocryptfspass kdewallet
The password can be used with the --extpass option:
gocryptfs --extpass="kwallet-query -f Passwords -r gocryptfspass kdewallet" /path/to/encrypted/folder /path/to/plain/folder
To have the folder mounted when logging into KDE, create a desktop file in the autostart folder ~/.config/autostart (like ~/.config/autostart/mount-gocryptfs.desktop) with the previous command:
[Desktop Entry]
Exec=gocryptfs --extpass="kwallet-query -f Passwords -r gocryptfspass kdewallet" /path/to/encrypted/folder /path/to/plain/folder
Name=mountgocryptfs
Type=Application
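
The autostart entry above runs gocryptfs unconditionally, so a wallet that is still locked (for example after autologin) or a folder that is already mounted only shows up as a failed mount. The following wrapper is an added example, not part of the gocryptfs wiki or project: it checks those cases first and then mounts with the same --extpass command. The function name mount_from_wallet, the KWALLET_QUERY and GOCRYPTFS override variables and the return codes are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not gocryptfs project code): guarded login mount.
# Wallet, folder and entry names are the ones used on this page.
# The two command variables are hypothetical overrides for testing.
: "${KWALLET_QUERY:=kwallet-query}"
: "${GOCRYPTFS:=gocryptfs}"
WALLET=kdewallet
FOLDER=Passwords
ENTRY=gocryptfspass

# mount_from_wallet CIPHERDIR MOUNTPOINT
# Returns 0 on success or if already mounted, 2 for bad directories,
# 3 if the wallet gave no password, otherwise gocryptfs's own status.
mount_from_wallet() {
    cipher=$1 plain=$2
    # gocryptfs keeps its configuration in CIPHERDIR/gocryptfs.conf.
    if [ ! -f "$cipher/gocryptfs.conf" ] || [ ! -d "$plain" ]; then
        echo "mount_from_wallet: bad cipherdir or mountpoint" >&2
        return 2
    fi
    # Autostart entries can fire more than once; do not mount twice.
    if mountpoint -q "$plain" 2>/dev/null; then
        return 0
    fi
    # Probe the wallet first. A nonzero exit or empty output is treated
    # as "locked or entry missing"; the value is discarded immediately.
    if ! probe=$("$KWALLET_QUERY" -f "$FOLDER" -r "$ENTRY" "$WALLET" 2>/dev/null) \
        || [ -z "$probe" ]; then
        unset probe
        echo "mount_from_wallet: no password from wallet $WALLET" >&2
        return 3
    fi
    unset probe
    # Same mount command as on this page; the password is fetched by
    # gocryptfs through --extpass and never appears in the argument list.
    "$GOCRYPTFS" --extpass="$KWALLET_QUERY -f $FOLDER -r $ENTRY $WALLET" \
        "$cipher" "$plain"
}

# Run only when called as a script with both paths.
if [ "$#" -eq 2 ]; then
    mount_from_wallet "$1" "$2"
fi
```

Saved as an executable script, it can replace the gocryptfs command in the Exec= line, followed by the two folder paths.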