Label returns the empty string if collection is locked
I'm trying to fix an issue in aws-vault.
aws-vault is storing secrets in its own collection "awsvault". It is listing Items
and getting the Label
for each Item. It seems that this does not work if the collection is locked, since gnome-keyring is returning the empty string for each item.
Once the collection is unlocked, Label
returns the label correctly. Even if the collection is locked again, the Label
is still returned.
$ dbus-send --session --print-reply --dest=org.freedesktop.secrets /org/freedesktop/secrets/collection/awsvault/1 org.freedesktop.DBus.Properties.Get string:org.freedesktop.Secret.Item string:Label
method return time=1580906395.484191 sender=:1.71 -> destination=:1.74 serial=8 reply_serial=2
variant string ""
[unlocking the keyring with e.g. seahorse]
$ dbus-send --session --print-reply --dest=org.freedesktop.secrets /org/freedesktop/secrets/collection/awsvault/1 org.freedesktop.DBus.Properties.Get string:org.freedesktop.Secret.Item string:Label
method return time=1580906589.281955 sender=:1.71 -> destination=:1.77 serial=70 reply_serial=2
variant string "test"
[locking the keyring with e.g. seahorse]
dbus-send --session --print-reply --dest=org.freedesktop.secrets /org/freedesktop/secrets/collection/awsvault/1 org.freedesktop.DBus.Properties.Get string:org.freedesktop.Secret.Item string:Label
method return time=1580906640.451575 sender=:1.71 -> destination=:1.79 serial=199 reply_serial=2
variant string "test"
Is this behavior intended?
I would assume the label is not considered a secret, and should always be returned, even if the collection is locked. If for some reason the label is considered a secret, I would expect it is not returned after locking the collection again.