I know, I know. Hear me out.
A more sensible longterm solution for secret (creds, keys) storage on Linux might be D-Bus.
There is an existing implementation/standard/specification: libsecret
It is essentially intended to be the backend equivalent of macOS's Keyring or Windows' DPAPI, and agnostic of GUI vs. headless, and/or which DE's/WMs/other environments users may be using.
GNOME, KDE, and a slew of other software already support it.
- It requires no direct user interaction (a user's session upon successful login automatically grants access to their secrets store)
- But allows for additional per-secret encryption if desired by user
- It is almost guaranteed to be on any Linux GUI system
- It's available cross-distro
- It requires no workarounds
Further, it appears that OpenVPN is already using D-Bus, so it should be a familiar protocol that integrates into existing codestyle, convention, and codebase practices for OpenVPN.
I know, I know. Hear me out.
A more sensible longterm solution for secret (creds, keys) storage on Linux might be D-Bus.
There is an existing implementation/standard/specification: [libsecret](https://wiki.gnome.org/Projects/Libsecret)
It is essentially intended to be the backend equivalent of macOS's Keyring or Windows' DPAPI, and agnostic of GUI vs. headless, and/or which DE's/WMs/other environments users may be using.
GNOME, KDE, and a slew of other software already support it.
* It requires no direct user interaction (a user's session upon successful login automatically grants access to their secrets store)
* But allows for additional per-secret encryption if desired by user
* It is almost guaranteed to be on any Linux GUI system
* And some headless
* It's available cross-distro
* It requires no workarounds
Further, it appears that OpenVPN is [already using D-Bus](https://codeberg.org/OpenVPN/gdbuspp), so it should be a familiar protocol that integrates into existing codestyle, convention, and codebase practices for OpenVPN.