docs: Fix instructions for secret storage

merge-requests/1327/merge
Kévin Commaille 3 years ago
commit
85672a312f
No known key found for this signature in database
GPG Key ID: DD507DAE96E8245C
  1. 52
      README.md


@ -83,23 +83,41 @@ flatpak install --user gnome-nightly org.gnome.Fractal.Devel
### Runtime Dependencies ### Runtime Dependencies
Fractal doesn't store your **password** but uses Fractal doesn’t store your **password**, but it stores your **access token** and the **passphrase**
[Secret Service](https://www.freedesktop.org/wiki/Specifications/secret-storage-spec/) used to encrypt the database and the local cache.
to store your **access token** and **passphrase** used to encrypt the local cache.
Therefore, you need to have software providing that service on your system. The stable Flatpak available on Flathub and any version that is not sandboxed rely on software that
If you're using GNOME this should just work. implements the [Secret Service API](https://www.freedesktop.org/wiki/Specifications/secret-storage-spec/)
If you are using a different desktop environment or are facing issues, to store those secrets. Therefore, you need to have software providing that service on your system,
make sure you have `xdg-desktop-portal` installed and a like gnome-keyring, KeepassXC ([setup guide](https://avaldes.co/2020/01/28/secret-service-keepassxc.html)),
[Secret Service](https://www.freedesktop.org/wiki/Specifications/secret-storage-spec/) provider, or a recent version of KWallet. If you are using GNOME this should just work.
for example `gnome-keyring` or KeepassXC ([setup guide](https://avaldes.co/2020/01/28/secret-service-keepassxc.html)).
With the nightly Flatpak, Fractal uses the [Secret portal](https://docs.flatpak.org/en/latest/portal-api-reference.html#gdbus-org.freedesktop.portal.Secret)
to store those secrets. Once again, if you are using GNOME this should just work. If you are using a
different desktop environment or are facing issues, make sure `xdg-desktop-portal` is installed
along with a service that provides the [Secret portal backend interface](https://docs.flatpak.org/en/latest/portal-api-reference.html#gdbus-org.freedesktop.impl.portal.Secret),
which is currently only implemented by gnome-keyring.
If you prefer to use other software that only implements the Secret Service API while using the
nightly Flatpak, you need to make sure that no service implementing the Secret portal backend
interface is running, and you need to allow Fractal to access the D-Bus service with this command:
```sh
flatpak override --user --talk-name=org.freedesktop.secrets org.gnome.Fractal.Devel
```
Or with [Flatseal](https://flathub.org/apps/details/com.github.tchx84.Flatseal), by adding
`org.freedesktop.secrets` in the **Session Bus** > **Talk** list of Fractal.
## Security Best Practices ## Security Best Practices
Additionally to setting up the [Secret Service](https://www.freedesktop.org/wiki/Specifications/secret-storage-spec/), You should use a strong **password** that is hard to guess to protect the secrets stored on your
make sure to use a strong **password** for the keyring, or for the user session if used to unlock the keyring device, whether the password is used directly to unlock your secrets (with a password manager for
(normally it's the case), since it will be used to encrypt secrets in **Secret Service**. example) or if it is used to open your user session and your secrets are unlocked automatically
Furthermore, make sure to lock your system when stepping away from the computer since an unlocked computer (which is normally the case with a GNOME session).
gives other people access to your private communications and stored secrets.
Furthermore, make sure to lock your system when stepping away from the computer since an unlocked
computer can allow other people to access your private communications and your secrets.
## Contributing ## Contributing
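Review bot: The paragraph that introduces the `flatpak override` command tells users to make sure no service implementing the Secret portal backend interface is running, but it gives no way to check that, and no way to stop gnome-keyring, which the preceding paragraph names as the only implementation. Suggest adding a sentence on how to verify it. It would also help to state that `--talk-name=org.freedesktop.secrets` is a persistent sandbox permission on `org.gnome.Fractal.Devel`, so users who later switch back to the Secret portal know to remove it. In the first paragraph, "a recent version of KWallet" would be more useful with the minimum version stated.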
@ -125,9 +143,9 @@ Yes, the current development version (`main` branch) has encryption support usin
* Can I run Fractal with the window closed? * Can I run Fractal with the window closed?
Currently Fractal does not support this. Fractal is a GNOME application, and accordingly adheres GNOME Currently Fractal does not support this. Fractal is a GNOME application, and accordingly adheres to
guidelines and paradigms. This will be revisited if or when GNOME gets a proper paradigm to interact the GNOME guidelines and paradigms. This will be revisited if or when GNOME gets a proper paradigm
with apps running in the background. to interact with apps running in the background.
## The origin of Fractal ## The origin of Fractal
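Review bot: The FAQ rewording in this hunk ("adheres to the GNOME guidelines and paradigms") is a grammar and line-wrap fix unrelated to secret storage, so it falls outside the commit subject "docs: Fix instructions for secret storage". Consider moving it to its own commit, or mentioning it in the commit message so the history stays searchable.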
