I love GNOME, but on my Pinebook Pro, I use the extremely well-supported Manjaro Pinebook Pro KDE Plasma edition. One of the biggest gripes I have with KDE Plasma is that it doesn’t automatically manage my OpenSSH and GPG keys. I’m used to having my SSH and GPG key unlocked automatically when I login in. As a developer who uses these constantly, this is very convenient. KDE Plasma works very well on the Pinebook Pro, but this is one feature I just had to figure out. While I attempted to make this work with KWallet, I gave up and switched to using GNOME Keyring. If you wish to obtain this convenience within KDE then read on.

Tutorial

This tutorial describes how to enable GNOME Keyring within Manjaro KDE to automically unlock your keyring, including SSH and GPG keys on login. For reference, this tutorial uses Manjaro Pinebook Pro KDE Plasma edition version 20.12. This tutorial provides instructions specific to the fish shell. Most of the steps here were taken directly from the Arch Wiki’s GNOME/Keyring page. Refer there for more information. You should be familiar with Manjaro, KDE Plasma, and the fish shell to get the most out of this tutorial.

  1. Install GNOME Keyring.

    ➜ pacman -S gnome-keyring
  2. Optionally, install the graphical Seahorse application to help manage your GNOME Keyring.

    ➜ pacman -S seahorse
  3. Add the GNOME Keyring’s PAM module to /etc/pam.d/login to unlock the GNOME Keyring on login.

    /etc/pam.d/login
    #%PAM-1.0
    
    auth       required     pam_securetty.so
    auth       requisite    pam_nologin.so
    auth       include      system-local-login
    auth       optional     pam_gnome_keyring.so (1)
    account    include      system-local-login
    session    include      system-local-login
    session    optional     pam_gnome_keyring.so auto_start (2)
    1 Add the auth type here.
    2 And add the session type here.
    For this to work, your keyring must use the same password you use to login.
  4. Autostart SSH and Secrets components of the GNOME keyring on login by copying their autostart files to your ~/.config/autostart directory.

    cp /etc/xdg/autostart/{gnome-keyring-secrets.desktop,gnome-keyring-ssh.desktop} ~/.config/autostart/
  5. Strip out the OnlyShowIn line from the autostart file for the Secrets component.

    sed -i '/^OnlyShowIn.*$/d' ~/.config/autostart/gnome-keyring-secrets.desktop
  6. Also strip out the OnlyShowIn line from the autostart file for the SSH component.

    sed -i '/^OnlyShowIn.*$/d' ~/.config/autostart/gnome-keyring-ssh.desktop
  7. Create the conf.d configuration directory for fish startup scripts in order to keep things tidy.

    mkdir ~/.config/fish/conf.d
  8. Export the SSH_AUTH_SOCK environment variable to GNOME Keyring’s ssh-agent in a shell startup file to make it available in your terminal.

    ~/.config/fish/conf.d/gnome-keyring-ssh-agent.fish
    if test -n "$DESKTOP_SESSION"
        set -x (gnome-keyring-daemon --start | string split "=")
    end
  9. Configure GnuPG to use GNOME Keyring to manage passphrase prompts.

    ~/.gnupg/gpg-agent.conf
    pinentry-program /usr/bin/pinentry-gnome3
  10. Log out and log back in for the changes to take effect.

  11. When asked to unlock your SSH and GPG keys, select the option to save them to your keyring and they’ll be available for you on subsequent logins!

Conclusion

You should now be able to have your GPG and SSH keys unlocked automatically when you login to your KDE environment.