xdg-basedir for secrets

Jonas DOREL jonas.dorel at laposte.net
Thu Jun 13 19:48:49 UTC 2019


Apologies, but I will answer your questions in a different order than
you asked them :)

> I don't think it's very useful to decide that things seem "fundamentally different". There are thousands of different kinds of data, and we could spend our entire lives arguing about what semantic categories they should go into. Focus on the practical impacts.

I agree with you that there are a lot of different kinds of data. But I
think it would be useful to have a framework to make it easier to handle
them. This is why I think the following thread is interesting:
https://lists.freedesktop.org/archives/xdg/2019-June/014154.html

Maybe secrets are just a different kind of data, and they could be
handled in a subfolder/file with the same name in each application
folder. (But see the following paragraph on why I think they shouldn't be)

> What would be functionally different if they were in a separate directory? What would be the practical advantage to using the hypothetical 'secret' directory rather than 'data'?

One way this single folder could be used is to load all your secrets from a remote location into TMPFS (an in-memory filesystem). This would prevent secrets from ever being written to memory (you should be careful about swap), while being transparent for traditional applications.

This is one case where treating secrets as regular data (so a secret
folder per application) wouldn't help. I do think there are others.

> What's the value in having different applications store their secrets in the same place? Hackers know which folder to steal first? ;-)

I don't think hackers are a concern on this. If they have access to your
documents, no matter where your secrets are, they would get them. But
having a single location (or locations that are easily caught with a
simple regex) makes protecting them easier.

> You started the thread with a mention of backups. I guess you want to exclude secrets from backups? Does it make a difference whether they're encrypted or not? Does it matter how strong the encryption mechanism or the key are ?

It is up to the user of those secrets to decide the policy on how
to handle those files.

> How useful would it be to specify a 'secrets' directory when there's no way to enforce the spec, so you can't assume it's the only place secrets are stored?

Even if the spec is not respected by every application (which is
currently the case for XDG BASE DIR), it diminishes the amount of work you
have to do to locate ALL your secrets.


Jonas
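
The tmpfs-and-swap point in the message above, as an added example that is not part of the original post: it checks which mount backs a secrets directory and whether active swap could still put its pages on disk. The directory path and the mounts/swaps text are constructed samples in the format of /proc/mounts and /proc/swaps; no such secrets directory is defined by the XDG spec.

```python
import os

# Constructed samples in /proc/mounts and /proc/swaps format (not from a real host).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,mode=700,uid=1000 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
"""
SAMPLE_SWAPS = """\
Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority
/dev/sda4                               partition\t8388604\t\t0\t\t-2
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def fs_type_for(path, mounts_text):
    """Return (mount_point, fstype) of the mount that contains path, or None."""
    path = os.path.normpath(path)
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        mnt, fstype = _unescape(parts[1]), parts[2]
        # Compare whole path components so /run does not match /running.
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # Longest mount point wins; on a tie the later line shadows the earlier.
        if inside and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, fstype)
    return best

def swap_active(swaps_text):
    # The first line of /proc/swaps is a header; any further line is a swap area.
    return any(l.strip() for l in swaps_text.splitlines()[1:])

def audit(path, mounts_text, swaps_text):
    mnt, fstype = fs_type_for(path, mounts_text) or (None, None)
    in_memory = fstype in ("tmpfs", "ramfs")
    # tmpfs pages can be swapped out; ramfs pages cannot.
    may_reach_disk = (not in_memory) or (fstype == "tmpfs" and swap_active(swaps_text))
    return {"mount": mnt, "fstype": fstype,
            "in_memory": in_memory, "may_reach_disk": may_reach_disk}
```

On a live system, pass the contents of /proc/mounts and /proc/swaps instead of the samples.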


