subdavis
commented
5 years ago Hey, thanks for opening this issue!
I want to point out that Tusk cannot and should not be compared to KeePassXC-Browser.
It is more like KeePassXC, since it's a standalone application. Tusk, through the browser's standard API, has absolutely no secure way to persist your master key.
You have solved this problem with secret-tool, which is protected by your login keychain. Tusk cannot utilize the keychain, so any data that must persist through a browser restart must be stored in the clear on disk.
Until browsers can provide access to a secure storage area, this will not be supported.
I'd like to be able to keep Tusk always open without having to re-enter the master password to unlock it. I know there's a slider option to keep it open for x minutes to until browser close, but it would be nice to extend that little slider a bit more to keep it always unlocked. The drawback is somebody can have access to your passwords anytime they want on the local machine. But my local machine is fully encrypted and locked whenever I'm not at the keyboard. No other user accounts exist either. Having this option would make life easier as I could have a really strong password that's random characters and symbols and not have to copy and paste it into the unlock box everytime I start firefox.
As an alternative, I've looked at the KeePassXC Browser extension. It works well as I can get it to keep KeePassXC unlocked and running in the background without supplying a password (have secret-tool do it for me). But I would like to explore some of the functionality Tusk has to offer as an option to see if it's better for me.