https://gitlab.gnome.org/World/secrets/ is a GNOME application that can load KeePassXC databases. It's in Debian: https://tracker.debian.org/pkg/secrets. See the discussions below, and in particular https://gitlab.tails.boum.org/tails/tails/-/issues/19136#note_256291, for a detailed comparison. Our main incentive for investing into this move is to save on recurring costs that are occurred by yet another less-well-integrated Qt app. It's not urgent at all, but we should keep this in mind as a possibility next time we need to spend time on KeePassXC problems. It avoids some problems that come with KeePassXC: - Poor integration with the on-screen keyboard to type the password that unlocks the database on startup (wb:cfc2d5aaa0e8ff5fdc64c08c4e312333) - Qt application does not fit well into a GNOME desktop For details, see sajolida's evaluation below. # Status On the backburner as a non-urgent investment we may want to do at some point to save on recurring costs. We can put in the work whenever it's a good time, e.g. because otherwise we have to invest into a KeePassXC migration of some sort. # Drawbacks - The navigation within the database uses the GNOME sidebars with a back button. The navigation of KeePassXC seems more traditional and users might get confused. - GNOME Secrets lacks the main keyboard shortcuts: Ctrl+V, Ctrl+B, and Ctrl+T. That's the most painful on a daily basis. - The search doesn't support space (" ") to search multiple terms and only does a literal search. For example, searching "gitlab tails" works to find the entry "GitLab Tails", but searching "tails gitlab" doesn't. - GNOME Secrets has no standalone password generator. Rather than being able to do so from a dedicated screen (and even without unlocking a database), in Secrets you must first open or create a database, and then you must press the "+" button to add a new entry before you are given access to the passphrase generator. - GNOME Secrets doesn't allow you to unlock a database without a passphrase. # To Do When we do the switch: * [x] Enable auto-save (for details, see discussion below)