SkillAgentSearch skills...

Credentialsd

Proposal for a Linux credential management xdg portal D-Bus specification, including webauthn/passkey support

GenerateConvertImprove

Install / Use

/learn @linux-credentials/Credentialsd
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

credentialsd

A Linux Credential Manager API.

(Previously called linux-webauthn-platform-api.)

Goals

The primary goal of this project is to provide a spec and reference implementation of an API to mediate access to web credentials, initially local and remote FIDO2 authenticators. See GOALS.md for more information.

How to install

From packages

We have precompiled RPM packages for Fedora and openSUSE hosted by the Open Build Service (OBS). We also copy these for released versions to the release page.

There are several sub-packages:

  • credentialsd: The core credential service
  • credentialsd-ui: The reference implementation of the UI component for credentialsd.
  • credentialsd-webextension: Binaries and manifest files required for the Firefox add-on to function

From source

Alternatively, you can build the project yourself using the instructions in BUILDING.md.

How to use

Right now, there are two ways to use this service.

Experimental Firefox Add-On

There is an add-on that you can install in Firefox 140+ that allows you to test credentialsd without a custom Firefox build. You can get the XPI from the releases page for the corresponding version of credentialsd-webextension package that you installed.

Currently, this add-on only works for https://webauthn.io and https://demo.yubico.com, but can be used to test various WebAuthn options and hardware.

Experimental Firefox Build

There is also an experimental Firefox build that contains a patch to interact with credentialsd directly without an add-on. You can access a Flatpak package for it on OBS as well.

Contributing

We welcome contributions! See CONTRIBUTING.md for details.

Join the discussion on Matrix at #credentials-for-linux:matrix.org.

Mockups

Here are some mockups of what this would look like for a user:

Internal platform authenticator flow (device PIN)

Alternatively, lock out the credential based on incorrect attempts.

Hybrid credential flow

Security key flow

Related projects:

  • https://github.com/linux-credentials/libwebauthn (previously https://github.com/AlfioEmanueleFresta/xdg-credentials-portal)
  • authenticator-rs
  • webauthn-rs

Security Policy

See SECURITY.md for our security policy.

License

See the LICENSE.md file for license rights and limitations (LGPL-3.0-only).

linux-credentials

View profile

View on GitHub
GitHub Stars199
CategoryProduct
Updated2d ago
Forks9
linux-credentials/credentialsd

Languages

Rust

Security Score

100/100

Audited on Apr 8, 2026

No findings