client: Add a helper for getting sandboxed app secret

bilelmoussaoui · bilelmoussaoui · commit 35dd1c930900 · 2026-03-29T23:26:56.000+02:00
diff --git a/client/src/keyring.rs b/client/src/keyring.rs
@@ -31,11 +31,7 @@ impl Keyring {
             #[cfg(feature = "tracing")]
             tracing::debug!("Application is sandboxed, using the file backend");
 
-            let secret = Secret::from(
-                ashpd::desktop::secret::retrieve()
-                    .await
-                    .map_err(crate::file::Error::from)?,
-            );
+            let secret = Secret::sandboxed().await?;
             match file::UnlockedKeyring::load(
                 crate::file::api::Keyring::default_path()?,
                 secret.clone(),
@@ -81,12 +77,7 @@ impl Keyring {
                     tracing::debug!("Unlocking file backend keyring");
 
                     // Retrieve secret from portal
-                    let secret = Secret::from(
-                        ashpd::desktop::secret::retrieve()
-                            .await
-                            .map_err(crate::file::Error::from)?,
-                    );
-
+                    let secret = Secret::sandboxed().await?;
                     let unlocked = locked.unlock(secret).await.map_err(crate::Error::File)?;
                     *kg = Some(file::Keyring::Unlocked(unlocked));
                 } else {
diff --git a/client/src/migration.rs b/client/src/migration.rs
@@ -7,11 +7,7 @@ use crate::{AsAttributes, Result, dbus::Service, file::UnlockedKeyring};
 /// Secret Service.
 pub async fn migrate(attributes: Vec<impl AsAttributes>, replace: bool) -> Result<()> {
     let service = Service::new().await?;
-    let secret = crate::Secret::from(
-        ashpd::desktop::secret::retrieve()
-            .await
-            .map_err(crate::file::Error::from)?,
-    );
+    let secret = crate::Secret::sandboxed().await?;
     let file_backend =
         match UnlockedKeyring::load(crate::file::api::Keyring::default_path()?, secret).await {
             Ok(file) => Ok(file),
diff --git a/client/src/secret.rs b/client/src/secret.rs
@@ -79,6 +79,16 @@ impl Secret {
         Ok(Self::blob(secret))
     }
 
+    /// Get the sandboxed app secret if the app is sandboxed using
+    /// org.freedesktop.portal.Secret portal.
+    pub async fn sandboxed() -> Result<Self, crate::file::Error> {
+        Ok(Self::blob(
+            ashpd::desktop::secret::retrieve()
+                .await
+                .map_err(crate::file::Error::from)?,
+        ))
+    }
+
     /// Create a text secret, stored with `text/plain` content type.
     pub fn text(value: impl AsRef<str>) -> Self {
         Self::Text(value.as_ref().to_owned())
