author benedictjohannes 2022-01-03 12:26:26 +0700
committer benedictjohannes 2022-01-03 12:26:26 +0700
commit 041a65f15332860a4348d13503337d887aaf58a6 (patch)
tree 2210b9a0a47c12a821e3623bd5ab698b21f4ae37
parent 88391e4483aa97e0359a73ec3323776597c1921f (diff)
tested on Garuda Linux with GUI used to add password
-rw-r--r-- Mounting-on-login-with-KDE-Wallet.md 59
1 files changed, 59 insertions, 0 deletions
diff --git a/Mounting-on-login-with-KDE-Wallet.md b/Mounting-on-login-with-KDE-Wallet.md
new file mode 100644
index 0000000..f325142
--- /dev/null
+++ b/Mounting-on-login-with-KDE-Wallet.md
@@ -0,0 +1,59 @@
+To automatically mount an encrypted folder at user login, KDE users can use KDE Wallet to store gocryptfs passwords. There are several steps to achieve this.
+
+# Prerequisites
+
+KDE Wallet and KDE Wallet Manager (GUI) should be installed when KDE Desktop is installed. To use KDE Wallet, the KDE Wallet subsystem should be enabled and the user should be logging in to the KDE desktop.
+
+# Unlock KDE Wallet automatically at login
+
+The PAM unlocks only the default `kdewallet` on login, and the wallet password should be set identical to the user login. Note that only login by using password (passing the wallet secret) can unlock the wallet, not by biometrics / autologin.
+
+To enable unlock of KDE Wallet, these lines should be present in the relevant PAM settings:
+
+```
+auth optional pam_kwallet5.so
+session optional pam_kwallet5.so auto_start
+```
+
+The relevant file depends on the login manager used, such as:
+
+- `/etc/pam.d/sddm` for SDDM
+- `/etc/pam.d/gdm-password` for GDM
+- `/etc/pam.d/lightdm` for LightDM
+- `/etc/pam.d/login` (the `session` part should be set to `pam_kwallet5.so auto_start force_run`)
+
+The files might differ for each distribution, consult the distribution's help like [KDE Wallet on Arch Linux Wiki](https://wiki.archlinux.org/title/KDE_Wallet#Configure_PAM).
+
+# Storing the gocryptfs password
+
+Store the password (key `gocryptfspass` in (default) folder `Passwords` is used in this example):
+
+- Using KDE Wallet manager (kwalletmanager):
+ - Expand the relevant folder (`Passwords`)
+ - Under the folder, right click on **Passwords** and select **New**
+ - Enter the label (`gocryptfspass`)
+ - Click **Show Contents** and type your gocryptfs password
+ - Click **Save**
+- Using CLI:
+ `echo "YOUR_PASSWORD_HERE" | kwallet-query -f Passwords -w gocryptfspass kdewallet`
+
+Now the stored password can be accessed using
+
+```bash
+kwallet-query -f Passwords -r gocryptfspass
+```
+
+The password can be used with the `--extpass` option:
+
+```bash
+gocryptfs --extpass="kwallet-query -f Passwords -r gocryptfspass kdewallet" /path/to/encyrpted/folder /path/to/plain/folder
+```
+
+To have the mounted folder start when logging into KDE, create the a desktop file in autostart folder `~/.config/autostart` (like `~/.config/autostart/mount-gocryptfs.desktop`) with the previous command:
+
+```
+[Desktop Entry]
+Exec=gocryptfs --extpass="kwallet-query -f Passwords -r gocryptfspass kdewallet" /path/to/encyrpted/folder /path/to/plain/folder
+Name=mountgocryptfs
+Type=Application
+```
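Review bot: The read example under "Now the stored password can be accessed using" omits the wallet name that every other command in this file passes: it reads `kwallet-query -f Passwords -r gocryptfspass`, while the store command and both `--extpass` strings end in `kdewallet`. Add `kdewallet` there so the command a reader copies to verify the entry matches the one gocryptfs will run. In the "Using CLI" step, `echo "YOUR_PASSWORD_HERE" | kwallet-query ... -w gocryptfspass kdewallet` has the reader type the gocryptfs password as a literal on the command line, where it lands in shell history; consider prompting for it instead (for example `read -rs` piped into the same `kwallet-query -w` call) or pointing readers to the kwalletmanager steps as the preferred route. The PAM section requires the wallet password to be identical to the login password, so it is worth one sentence stating the consequence: anyone who can log in as the user with that password can also mount the encrypted folder. Two typos to fix while here: `/path/to/encyrpted/folder` appears in both the `--extpass` example and the `Exec=` line, and "create the a desktop file" should read "create a desktop file".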