xdg-basedir for secrets

Jonas DOREL jonas.dorel at laposte.net
Fri Jun 7 19:49:45 UTC 2019


To me, secrets are fundamentally different from data (even confidential
data) because they serve as a means to authenticate you or authorize your
utilisation of some services.


I guess the question is: should there be a dedicated folder for secrets
or should they just be in XDG_DATA_HOME and be managed differently by the
applications (through your configuration)?


Jonas DOREL


6/7/19 5:57 PM, Simon McVittie wrote:

> On Fri, 07 Jun 2019 at 15:19:25 +0200, Bardot Jérôme wrote:
>> On 06/06/2019 at 23:15, Jonas DOREL wrote:
>>> Currently, most secrets (SSH keys, GPG keys, OAuth tokens) seem to be
>>> located in XDG_CONFIG_HOME.
>> And they should not; secrets are data, not config. (for me)
> For what it's worth, gnome-keyring's maintainers seem to agree (it uses
> XDG_DATA_HOME/keyrings).
>
>> For me, as far as possible, all /home data should have as strict a
>> policy as possible.
> Strict permissions are best-practice for all the XDG basedirs. The
> basedir spec says that applications writing to the basedirs should create
> XDG_CONFIG_HOME, XDG_DATA_HOME or XDG_CACHE_HOME with 0700 (rwx------)
> permissions if they don't already exist.
>
>> If I do it for my emails, or my calendars, or my bookmarks, we need
>> strict policy behaviours.
> Yes, emails, calendars and bookmarks are examples of things that tend
> to contain private or sensitive information, and should not be readable
> by other users unless the owner has specifically configured that.
> In some cases these (especially emails) will contain passwords and
> other secrets.
>
> If 0700 permissions and whatever encryption-at-rest your OS/machine might
> have are not considered to be sufficient protection for a particular
> secret (for example a GPG or SSH key), then I would recommend using a
> USB cryptographic token (Nitrokey, Yubikey or similar) and not storing
> it on disk at all.
>
>     smcv



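The quoted reply describes two things the basedir spec asks of applications: resolve XDG_DATA_HOME (or XDG_CONFIG_HOME / XDG_CACHE_HOME) from the environment with the spec's default under $HOME, and create the directory with 0700 permissions if it does not already exist. The following is an added example, not code from this thread, from the basedir spec or from gnome-keyring; the function names (`resolve_basedir`, `ensure_private_basedir`, `app_secret_dir`, `demo`) and the `example-app` subdirectory are assumptions made for illustration. Besides creating the directory, it reports whether an already-existing basedir is still private, which is the check a tool storing secrets under XDG_DATA_HOME would want before writing there.

```python
import os
import stat
import tempfile
from pathlib import Path

# Spec defaults for the three basedirs named in the thread, relative to $HOME.
XDG_DEFAULTS = {
    "XDG_DATA_HOME": ".local/share",
    "XDG_CONFIG_HOME": ".config",
    "XDG_CACHE_HOME": ".cache",
}

PRIVATE_MODE = 0o700  # rwx------ as recommended by the basedir spec


def resolve_basedir(var, env=None):
    """Return the basedir for `var`: the environment value if it is an
    absolute path, otherwise the spec default under $HOME. The spec says
    relative values must be ignored, so they fall through to the default."""
    env = os.environ if env is None else env
    value = env.get(var, "")
    if value and os.path.isabs(value):
        return Path(value)
    home = env.get("HOME") or str(Path.home())
    return Path(home) / XDG_DEFAULTS[var]


def ensure_private_basedir(var, env=None):
    """Create the basedir with 0700 if missing and return
    (path, created, mode, is_private).

    `is_private` is False when an existing directory grants any group or
    other permission bits, which is the case a secret-storing application
    should refuse or warn about instead of silently writing into it."""
    path = resolve_basedir(var, env)
    created = False
    if not path.exists():
        # mkdir's mode is filtered by the umask, so set the leaf mode
        # explicitly afterwards to guarantee 0700.
        path.mkdir(parents=True, exist_ok=True)
        path.chmod(PRIVATE_MODE)
        created = True
    st = path.stat()
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(str(path))
    mode = stat.S_IMODE(st.st_mode)
    is_private = (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
    return path, created, mode, is_private


def app_secret_dir(app, env=None):
    """Per-application secret store under XDG_DATA_HOME (the layout the
    thread attributes to gnome-keyring's XDG_DATA_HOME/keyrings), created
    0700 like the basedir itself. `app` is a hypothetical name."""
    base, _, _, _ = ensure_private_basedir("XDG_DATA_HOME", env)
    path = base / app
    path.mkdir(mode=PRIVATE_MODE, exist_ok=True)
    path.chmod(PRIVATE_MODE)
    return path


def demo():
    """Exercise the functions in a throwaway HOME (constructed sample
    environment, not a real user's home) and return the observations."""
    with tempfile.TemporaryDirectory() as tmp:
        env = {"HOME": tmp}
        base, created, mode, private = ensure_private_basedir("XDG_DATA_HOME", env)
        # A relative XDG_DATA_HOME must be ignored in favour of the default.
        rel = resolve_basedir("XDG_DATA_HOME", {"HOME": tmp, "XDG_DATA_HOME": "relative/dir"})
        secrets = app_secret_dir("example-app", env)
        # Simulate a basedir that some other tool left group/world readable.
        base.chmod(0o755)
        _, _, loose_mode, loose_private = ensure_private_basedir("XDG_DATA_HOME", env)
        return {
            "base_suffix": str(base.relative_to(tmp)),
            "created": created,
            "mode": mode,
            "private": private,
            "relative_ignored": rel == base,
            "secrets_suffix": str(secrets.relative_to(tmp)),
            "secrets_mode": stat.S_IMODE(secrets.stat().st_mode),
            "loose_mode": loose_mode,
            "loose_private": loose_private,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {oct(value) if isinstance(value, int) and not isinstance(value, bool) else value}")
```

The explicit `chmod` after `mkdir` matters: a permissive umask would otherwise leave the directory readable by other local users, which is exactly the situation the thread's 0700 recommendation is meant to rule out. Note that this only covers on-disk permissions; as the reply says, for keys that warrant more than 0700 plus disk encryption, a hardware token keeps the secret off the filesystem entirely.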