#password #linux #keychain


Library to interface with Secret Service API

13 releases (stable)

3.0.1 Jan 31, 2023
2.0.2 Jun 28, 2022
2.0.1 Jan 7, 2021
1.1.3 Dec 13, 2020
0.2.0 Feb 10, 2016

#29 in Cryptography

Download history 20330/week @ 2023-11-02 26527/week @ 2023-11-09 31468/week @ 2023-11-16 18689/week @ 2023-11-23 21406/week @ 2023-11-30 22391/week @ 2023-12-07 19472/week @ 2023-12-14 10128/week @ 2023-12-21 14470/week @ 2023-12-28 23319/week @ 2024-01-04 25521/week @ 2024-01-11 61887/week @ 2024-01-18 74067/week @ 2024-01-25 42317/week @ 2024-02-01 33243/week @ 2024-02-08 22735/week @ 2024-02-15

185,114 downloads per month
Used in 77 crates (11 directly)



Secret Service

Secret Service Rust library.

Interfaces with the Linux Secret Service API through dbus.


Get Docs!

Basic Usage

secret-service is implemented in pure Rust by default, so it doesn't require any system libraries such as libdbus-1-dev or libdbus-1-3 on Ubuntu.

In Cargo.toml:

When adding the crate, you must select a feature representing your selected runtime and cryptography backend. For example:

secret-service = { version = "3.0.0", features = ["rt-tokio-crypto-rust"] }

Available feature flags:

  • rt-async-io-crypto-rust: Uses the async-std runtime and pure Rust crytography via RustCrypto.
  • rt-async-io-crypto-openssl: Uses the async-std runtime and OpenSSL as the cryptography provider.
  • rt-tokio-crypto-rust: Uses the tokio runtime and pure Rust cryptography via RustCrypto.
  • rt-tokio-crypto-openssl: Uses the tokio runtime and OpenSSL as the cryptography provider.

Note that the -openssl feature sets require OpenSSL to be available on your system, or the bundled feature of openssl crate must be activated in your cargo dependency tree instead.

In source code (below example is for --bin, not --lib). This example uses tokio as the async runtime.

use secret_service::SecretService;
use secret_service::EncryptionType;
use std::{collections::HashMap, error::Error};

async fn main() -> Result<(), Box<dyn Error>> {
    // initialize secret service (dbus connection and encryption session)
    let ss = SecretService::connect(EncryptionType::Dh).await?;

    // get default collection
    let collection = ss.get_default_collection().await?;

    // create new item
        "test_label", // label
        HashMap::from([("test", "test_value")]), // properties
        b"test_secret", // secret
        false, // replace item with same attributes
        "text/plain" // secret content type

    // search items by properties
    let search_items = ss.search_items(
        HashMap::from([("test", "test_value")])

    let item = search_items.unlocked.get(0).ok_or("Not found!")?;

    // retrieve secret from item
    let secret = item.get_secret().await?;
    assert_eq!(secret, b"test_secret");

    // delete item (deletes the dbus object, not the struct instance)


  • SecretService: initialize dbus, create plain/encrypted session.
  • Collections: create, delete, search.
  • Items: create, delete, search, get/set secret.


See the changelog file


This library is feature complete, has stabilized its API for the most part. However, as this crate is almost soley reliable on the zbus crate, we try and match major version releases with theirs to handle breaking changes and move with the wider zbus ecosystem.


Licensed under either of

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


~351K SLoC