{"id":31544593,"url":"https://github.com/swiesend/secret-service","last_synced_at":"2025-10-04T13:48:47.829Z","repository":{"id":39653428,"uuid":"167244254","full_name":"swiesend/secret-service","owner":"swiesend","description":"A Java library for storing secrets under linux in the gnome-keyring over D-Bus. Like libsecret, but for Java.","archived":false,"fork":false,"pushed_at":"2024-07-03T06:02:09.000Z","size":592,"stargazers_count":33,"open_issues_count":12,"forks_count":9,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-07-30T12:47:16.120Z","etag":null,"topics":["dbus","dbus-java","gnome","gnome-keyring","java","java-library","jvm","keyring","libsecret","linux","password","password-store","password-vault","scala","secret-service","secrets","storing-secrets"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swiesend.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-01-23T19:51:45.000Z","updated_at":"2025-03-03T12:21:21.000Z","dependencies_parsed_at":"2023-12-01T22:26:26.741Z","dependency_job_id":"2d6cda2a-0499-4141-8cf3-5526f6ec5177","html_url":"https://github.com/swiesend/secret-service","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/swiesend/secret-service","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swiesend%2Fsecret-service","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swiesend%2Fsecret-service/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swiesend%2Fsecret-service/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swiesend%2Fsecret-service/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swiesend","download_url":"https://codeload.github.com/swiesend/secret-service/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swiesend%2Fsecret-service/sbom","scorecard":{"id":861921,"data":{"date":"2025-08-11","repo":{"name":"github.com/swiesend/secret-service","commit":"c0406b0579852252b38448973774fa49cb78f077"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Code-Review","score":1,"reason":"Found 3/22 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 11 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T01:33:20.945Z","repository_id":39653428,"created_at":"2025-08-24T01:33:20.945Z","updated_at":"2025-08-24T01:33:20.945Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278322187,"owners_count":25967873,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dbus","dbus-java","gnome","gnome-keyring","java","java-library","jvm","keyring","libsecret","linux","password","password-store","password-vault","scala","secret-service","secrets","storing-secrets"],"created_at":"2025-10-04T13:48:45.609Z","updated_at":"2025-10-04T13:48:47.818Z","avatar_url":"https://github.com/swiesend.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secret Service\n\n[![Maven Central](https://img.shields.io/maven-central/v/de.swiesend/secret-service.svg?label=Maven%20Central)](https://search.maven.org/search?q=g:%22de.swiesend%22%20AND%20a:%22secret-service%22)\n\nA Java library for storing secrets in a keyring over the D-Bus.\n\nThe library is conforming to the freedesktop.org\n[Secret Service API 0.2](https://specifications.freedesktop.org/secret-service/0.2) and thus compatible with Gnome linux systems.\n\nThe Secret Service itself is implemented by the [`gnome-keyring`](https://wiki.gnome.org/action/show/Projects/GnomeKeyring) and provided by the [`gnome-keyring-daemon`](https://wiki.gnome.org/Projects/GnomeKeyring/RunningDaemon).\n\nThis library can be seen as the functional equivalent to the [`libsecret`](https://wiki.gnome.org/Projects/Libsecret) C client library.\n\n## Related\n\nFor KDE systems there is the [`kdewallet`](https://github.com/purejava/kdewallet) client library, kindly provided by [@purejava](https://github.com/purejava).\n\n## Security Issues\n\n### CVE-2018-19358 (Vulnerability)\n\nThere is a current investigation on the behaviour of the Secret Service API, as other applications can easily read __any__ secret, if the keyring is unlocked (if a user is logged in, then the `login`/`default` collection is unlocked). Available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used by default. The Secret Service API was never designed with a secure retrieval mechanism.\n\n* [CVE-2018-19358](https://nvd.nist.gov/vuln/detail/CVE-2018-19358) Base Score: __[7.8 HIGH]__, CVSS:3.0\n\n## Usage\n\nThe library provides a simplified high-level API, which sends only transport encrypted secrets over the D-Bus.\n\n### Dependency\n\nAdd the `secret-service` as dependency to your project. You may want to exclude the `slf4j-api` if you use an incompatible version. The current version requires at least _JDK 17_.\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ede.swiesend\u003c/groupId\u003e\n    \u003cartifactId\u003esecret-service\u003c/artifactId\u003e\n    \u003cversion\u003e2.0.1-alpha\u003c/version\u003e\n    \u003cexclusions\u003e\n        \u003cexclusion\u003e\n            \u003cgroupId\u003eorg.slf4j\u003c/groupId\u003e\n            \u003cartifactId\u003eslf4j-api\u003c/artifactId\u003e\n        \u003c/exclusion\u003e\n    \u003c/exclusions\u003e\n\u003c/dependency\u003e\n```\n\n### High-Level API\n\n```java\npublic class Example {\n\n    @Test\n    @DisplayName(\"Create a password in the user's default collection (/org/freedesktop/secrets/aliases/default).\")\n    public void createPasswordInDefaultCollection() throws IOException, AccessControlException, IllegalArgumentException {\n        try (SimpleCollection collection = new SimpleCollection()) {\n            String item = collection.createItem(\"My Item\", \"secret\");\n\n            char[] actual = collection.getSecret(item);\n            assertEquals(\"secret\", new String(actual));\n            assertEquals(\"My Item\", collection.getLabel(item));\n\n            collection.deleteItem(item);\n        } // clears automatically all session secrets in memory, but does not close the D-Bus connection.\n    }\n\n    @Test\n    @DisplayName(\"Create a password in a non-default collection (/org/freedesktop/secrets/collection/xxx).\")\n    public void createPasswordInNonDefaultCollection() throws IOException, AccessControlException, IllegalArgumentException {\n        try (SimpleCollection collection = new SimpleCollection(\"My Collection\", \"super secret\")) {\n            String item = collection.createItem(\"My Item\", \"secret\");\n\n            char[] actual = collection.getSecret(item);\n            assertEquals(\"secret\", new String(actual));\n            assertEquals(\"My Item\", collection.getLabel(item));\n\n            collection.deleteItem(item);\n            collection.delete();\n        } // clears automatically all session secrets in memory, but does not close the D-Bus connection.\n    }\n\n    @Test\n    @DisplayName(\"Create a password with additional attributes.\")\n    public void createPasswordWithAttributes() throws IOException, AccessControlException, IllegalArgumentException {\n        try (SimpleCollection collection = new SimpleCollection(\"My Collection\", \"super secret\")) {\n            // define unique attributes\n            Map\u003cString, String\u003e attributes = new HashMap();\n            attributes.put(\"uuid\", \"42\");\n\n            // create and forget\n            collection.createItem(\"My Item\", \"secret\", attributes);\n\n            // find by attributes\n            List\u003cString\u003e items = collection.getItems(attributes);\n            assertEquals(1, items.size());\n            String item = items.get(0);\n\n            char[] actual = collection.getSecret(item);\n            assertEquals(\"secret\", new String(actual));\n            assertEquals(\"My Item\", collection.getLabel(item));\n            assertEquals(\"42\", collection.getAttributes(item).get(\"uuid\"));\n\n            collection.deleteItem(item);\n            collection.delete();\n        } // clears automatically all session secrets in memory, but does not close the D-Bus connection.\n    }\n\n    // The D-Bus connection gets closed at the end of the static lifetime of `SimpleCollection` by a shutdown hook.\n\n}\n```\n\n__Closing the D-Bus connection:__\n\nThe D-Bus connection is closed eventually at end of the static lifetime of `SimpleCollection` with a shutdown hook and not by auto-close. One can also close the D-Bus connection manually by calling `SimpleCollection.disconnect()`, but once disconnected it is not possible to reconnect.\n\n__SimpleCollection-Interface:__\n\nFor Further methods and attributes checkout the [SimpleCollection-Interface](src/main/java/org/freedesktop/secret/simple/interfaces/SimpleCollection.java).\n\n__Transport Encryption:__\n\nFor the details of the transport encryption see: [Transfer of Secrets](https://specifications.freedesktop.org/secret-service/ch07.html),\n[Transport Encryption Example](src/test/java/org/freedesktop/secret/integration/IntegrationTest.java)\n\n### Low-Level API\n\nThe low-level API gives access to all defined D-Bus `Methods`, `Properties` and `Signals` of the Secret Service interface:\n\n* [Service](src/main/java/org/freedesktop/secret/Service.java)\n* [Collection](src/main/java/org/freedesktop/secret/Collection.java)\n* [Item](src/main/java/org/freedesktop/secret/Item.java)\n* [Session](src/main/java/org/freedesktop/secret/Session.java)\n* [Prompt](src/main/java/org/freedesktop/secret/Prompt.java)\n\nFor the usage of the low-level API see the tests:\n\n* [ServiceTest](src/test/java/org/freedesktop/secret/ServiceTest.java)\n* [CollectionTest](src/test/java/org/freedesktop/secret/CollectionTest.java)\n* [ItemTest](src/test/java/org/freedesktop/secret/ItemTest.java)\n* [SessionTest](src/test/java/org/freedesktop/secret/SessionTest.java)\n* [PromptTest](src/test/java/org/freedesktop/secret/PromptTest.java)\n\n#### D-Bus Interfaces\n\nThe underlying introspected XML D-Bus interfaces are available as [resources](src/test/resources).\n\n## Contributing\n\nYou are welcome to point out issues, file PRs and comment on the project.\n\nPlease keep in mind that this is a non-profit effort in my spare time and thus it may take some time until issues are addressed.\n\n## Thank You\n\nSpecial thanks goes out to\n* [@purejava](https://github.com/purejava) for all the help!\n* [@hypfvieh](https://github.com/hypfvieh) for providing and maintaining the [`dbus-java`](https://github.com/hypfvieh/dbus-java) library.\n* [@infeo](https://github.com/infeo) for bug tracking like a king.\n* [@overheadhunter](https://github.com/overheadhunter) for providing enhancements all over the place.\n* [@jmehrens](https://github.com/jmehrens) for pointing out several issues and explaining them.\n* [@aanno](https://github.com/aanno) for pointing out multiple issues.\n* [@shocklateboy92](https://github.com/shocklateboy92) for making things spec compliant.\n* [@invidian](https://github.com/invidian) for preparing KeePassXC support.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswiesend%2Fsecret-service","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswiesend%2Fsecret-service","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswiesend%2Fsecret-service/lists"}