Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support --secret flag setting x-kde-passwordManagerHint #177

Open
yorickvP opened this issue May 22, 2023 · 5 comments · May be fixed by #214
Open

Support --secret flag setting x-kde-passwordManagerHint #177

yorickvP opened this issue May 22, 2023 · 5 comments · May be fixed by #214
Labels
enhancement New feature or request

Comments

@yorickvP
Copy link

Some password managers, like kde wallet and keepassxc, mark copied passwords as "secret", by
offering the mimetype x-kde-passwordManagerHint with the value secret.
This stops clipboard managers from saving passwords in history, and optionally stops KDE Connect from forwarding this clipboard data to other devices.

It would be nice to have support for this in wl-clipboard, so I can safely use it to copy passwords from my password store. Adding arbitrary multi-mime copy seems complicated, but it should be easy to add a flag to mark copy data as secret.
@bugaevc bugaevc added the enhancement New feature or request label May 22, 2023
@bugaevc
Copy link
Owner

bugaevc commented May 22, 2023

Hm, sounds like a good idea indeed, thanks for bringing it to my attention!

It's kind of a shame that this is KDE-specific, I'd prefer a more generic solution at the Wayland protocol level. But on the other hand wl-clipboard has never shied away from making use of GTK- and wlroots-specific protocols, so why not support a KDE-specific MIME type as well.

It would probably make sense to also expose this is in wl-paste --watch as CLIPBOARD_STATE=sensitive in the new CLIPBOARD_STATE protocol, which is about to be released in 2.2.0. So the flag should probably be named --sensitive as well.

@yorickvP
Copy link
Author

I'm currently using this patch

@bugaevc bugaevc mentioned this issue Aug 9, 2023
Closed
@bugaevc bugaevc mentioned this issue Jan 28, 2024
Closed
@yorickvP yorickvP linked a pull request Feb 25, 2024 that will close this issue
Open
This was referenced Apr 11, 2024
Open
Draft
@Cybso
Copy link

Cybso commented May 23, 2024

I wrote a similar request at https://bugs.kde.org/show_bug.cgi?id=487359 yesterday and was referred to the x-kde-passwordManagerHint. Is there any chance that this pull request gets merged into main?

@Lcchy
Copy link

Lcchy commented Dec 12, 2024

To maybe help this to move forward:

I have compared the 2 open PRs that aim to close this issue (#214 and #204) and I think that #204 should be preferred.

#214 is overwriting the copied text, making it unavailable to paste, which is not what a user intends after calling wl-copy.

#204 allows to paste the sensitive data but sets CLIPBOARD_STATE=sensitive in the environment for downstream programs to decide themselves what to do (like cliphist, which doesn't save the entry). This follows the manpage entry of wl-clipboard under CLIPBOARD_STATE.

@jleeuwes
Copy link

jleeuwes commented Jan 2, 2025
edited
Loading

#214 is overwriting the copied text, making it unavailable to paste, which is not what a user intends after calling wl-copy.

I can't reproduce this problem. First I run echo supersecretpassword | wl-copy --sensitive. Then I check the clipboard with wl-paste --list-types:

text/plain
text/plain
text/plain;charset=utf-8
TEXT
STRING
UTF8_STRING
x-kde-passwordManagerHint

Ignoring the double text/plain entry, which also happens with an unpatched version of wl-copy, the list contains a x-kde-passwordManagerHint entry with contents secret, plus an text/plain entry with the actual password in it:

$ wl-paste --type=text/plain
supersecretpassword

$ wl-paste --type=x-kde-passwordManagerHint
secret

This seems like the correct behaviour to me. I think #214 should be merged as-is.

Edit: the patched wl-copy from #214 also works nicely in combination with the patched wl-paste from #204:

$ echo regulartext | wl-copy

$ wl-paste --watch bash -c 'echo $CLIPBOARD_STATE'
data
^C

$ echo supersecretpassword | wl-copy --sensitive

$ wl-paste --watch bash -c 'echo $CLIPBOARD_STATE'
sensitive

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support --sensitive flag setting x-kde-passwordManagerHint yorickvP/wl-clipboard
5 participants
@Cybso @yorickvP @jleeuwes @bugaevc @Lcchy