A D-Bus service that implements the Secret Service API (org.freedesktop.secrets) and an SSH agent, backed by Bitwarden.
Apps using libsecret (git, browsers, GNOME apps, etc.) can store and retrieve credentials from your Bitwarden vault, and SSH keys can be served from Bitwarden SSH Key items.
- Bitwarden CLI (
bw) installed and logged in - A prompt backend for unlocking the vault:
- Recommended: Noctalia + plugin in
noctalia-bitwarden-keyring/ - Or:
zenity,kdialog,rofi,systemd-ask-password dmenuis only used with--allow-insecure-prompts
- Recommended: Noctalia + plugin in
Arch Linux:
makepkg -siManual (system-wide, matches dist/org.freedesktop.secrets.service):
go build -o bitwarden-keyring ./cmd/bitwarden-keyring
sudo install -Dm755 bitwarden-keyring /usr/bin/bitwarden-keyring
sudo install -Dm644 dist/org.freedesktop.secrets.service /usr/share/dbus-1/services/org.freedesktop.secrets.serviceUser install (no root): copy dist/org.freedesktop.secrets.service to ~/.local/share/dbus-1/services/ and update its Exec= path to wherever you installed bitwarden-keyring.
Optional systemd user unit (often used with D-Bus activation): dist/bitwarden-keyring.service.
Normally you don't start it manually: it autostarts via D-Bus activation when an app requests org.freedesktop.secrets.
Quick test:
# Store a secret
secret-tool store --label="Test" service example.com username joe
# Retrieve a secret
secret-tool lookup service example.com username joeDebug run:
bitwarden-keyring --debugEnable Noctalia prompts:
bitwarden-keyring --noctalia
# or:
BITWARDEN_KEYRING_NOCTALIA=1 bitwarden-keyringInstall the Noctalia plugin from this repo:
mkdir -p ~/.config/noctalia/plugins
cp -r noctalia-bitwarden-keyring ~/.config/noctalia/plugins/bitwarden-keyringDetails: noctalia-bitwarden-keyring/README.md.
Only one service can own org.freedesktop.secrets. Disable/uninstall other Secret Service providers (e.g. gnome-keyring, kwalletd, keepassxc Secret Service integration).
Full flag list: bitwarden-keyring --help.
- Components:
--components=secrets(Secret Service only)--components=ssh(SSH agent only)- Default is
secrets,ssh; if both are enabled and one fails to start, the process exits
- Bitwarden API port:
--bw-port <port>(preferred)--port <port>is deprecated (compat)
- Session persistence:
- Prefer setting
BW_SESSION(if you manage sessions externally) - Or use
--session-store=fileand--session-file <path>
- Prefer setting
If running under systemd and bw is not found, add PATH via an override:
systemctl --user edit bitwarden-keyring.serviceBaseline unit: dist/bitwarden-keyring.service.
- "name already owned": another provider owns
org.freedesktop.secrets(see Conflicts) - no prompt shows up: install/configure a prompt backend (or Noctalia plugin)
- service starts then exits under systemd: ensure
bwis in the service PATH; consider--components=secrets - breaking CLI changes:
CHANGELOG.md
MIT