Bazzite, Wayland, Local Password Manager, Auto-Type?

dallebrinaar · December 6, 2025, 7:59pm

Is it possible to get Auto-Type working with local password managers in Bazzite?

As best I can tell, Bazzite with KDE Plasma is now strictly Wayland. When I tried to get a local password manager (KeepassXC) working, I found that Auto-Type did not work (it wasn’t even an option in the settings). I found references to a browser plugin to let KeepassXC do something similar to Auto-type in the browser, but since I also need passwords in local files and applications, that didn’t help. I also found references to setting an environment variable (QT_QPA_PLATFORM=xcb) in .bashrc. I thought that got things working, but after a reboot, the desktop was, essentially, gone: no taskbar, no system tray, no start button (sorry for the Windows-centric terminology). Removing that line from .bashrc fixed things. Since I think that line is supposed to set up an X11 server, I assume the Desktop going Tango Uniform with it means X11 just won’t run on Bazzite.

Is there, in fact, any way to actually get Auto-type working in Bazzite so a local password manager can work properly? Maybe I’m “holding it wrong” by trying to get Auto-type to work. Maybe there’s a better, more linux-centric or Wayland-centric way to do that. But, I couldn’t find it. I’d seen some references that someday, someone might come up with an API to allow password managers to securely communicate with browsers and other applications. But, even if that was in the works, it would be years before anything came of it. I’m not going to store my passwords (or some other equivalent) out in the cloud. I’m not going to store them in the various browsers I use. I need them for local files and applications as well as in browsers. Is there some solution I’m missing?

dallebrinaar · December 9, 2025, 12:21pm

Well, it looks like I’ll be staying trapped on Windows for a while longer. I HAVE to have a password manager that works with multiple browsers, local applications and local files. I can’t understand why there isn’t more noise about this. Surely Bazzite users use password managers. And, surely, some of them have to be using local (i.e., non-cloud-based) password managers.

Maybe I’m wrong about getting KeepassXC set up. But, here’s a 7 year old, unsolved issue on their github page about it:

gghardwareissues · December 9, 2025, 11:12pm

I think if you go to flatseal, search for keepassxc and scroll down to environment and there type in QT_QPA_PLATFORM=xcb you will get keepassxc running through xwayland (i think you can also just toggle off wayland and toggle on x11 in the same settings) . I think if you apply the same to your browser (via flatseal turn on x11 and turn off wayland) then you should be good to go. note that x11 is less “secure”, but it should work. I will qualify I haven’t tested it as I setup browser integration another way Installing 1Password in Bluefin, a better way? - #26 by jpl .

dallebrinaar · December 14, 2025, 1:25pm

Sorry for the delay in getting back. I’d already uninstalled Bazzite and had to re-install it to test this. Adding QT_QPA_PLATFORM=xcb to the KeepassXC Environment Variable area in Flatseal got things (mostly) working. It looks like window titles/names aren’t getting communicated to KeepassXC, so auto-type isn’t really “auto.” I have to filter the auto-type popup window to narrow down the selection. But, once I do that, I can at least use the password manager. Not the best of all worlds, but usable. Adding the environment variable and the X11 fallback options to the Brave entry didn’t help.

Also unfortunately, it looks like Browser Integration doesn’t work with the flatpak versions of KeepassXC and browsers. I assume that’s because of the sandboxes.

Hopefully, the KDE Plasma people can get this Wayland-level inter-app communication working in the near future (from what I can find, it looks like the Wayland people don’t want to do it).

Thanks for the reply. I can at least continue working with Bazzite and see if it’ll work for me.

gghardwareissues · December 14, 2025, 7:49pm

not sure how adventurous you are, but I think people have gotten flatpak keepassxc → flatpak browser working. It does escape the flatpak sandbox a little bit, but I use something similar for Bitwarden and for me having a working password manager > technically escaping the flatpak sandbox.

github.com/keepassxreboot/keepassxc-browser

Does not work with Flatpak browsers

opened 03:04AM - 15 Mar 21 UTC

candrapersada

platform: Linux software packages & sandboxes more info needed

## Expected Behavior ## Current Behavior KeePassXC-Browser in Chromi…um won't connect to KeePassXC even when database is open and Chromium is checked. ## Possible Solution ## Steps to Reproduce (for bugs) 1.Install KeePassXC on Linux from flathub.org and use or create a database. 2.Enable Browser Integration for Chromium. 3.Install Chromium on Linux from flathub.org. 4.Install KeePassXC-Browser extension from the Chrome Web Store. 5.Under Connected Databases in the settings of KeePassXC-Browser, click `Connect`. ## Debug info KeePassXC - {2.6.4} KeePassXC-Browser - {1.7.6} Operating system: Linux Flatpak - {1.10.2} Browser: Chromium and ungoogled-chromium

dallebrinaar · March 7, 2026, 12:46pm

I was doing ok with the QT_QPA_PLATFORM=xcb “fix” to get Autotype semi-working in KeePassXC until the Bazzite upgrade from F43.20260217 to F43.2026030. Unfortunately, something in the latest Bazzite release (and it looks like it started up at the Fedora level and trickled down) rendered Autotype almost completely useless (it now randomly lower-cases some upper-case symbols). I took a look at the link @gghardwareissues posted and am completely lost. I’m going to have to research that quite a bit in the hope I can understand it at some point and get it working for my Flatpak Brave browser and my flatpak KeePassXC password manager.

And, in case anyone’s interested, here are the various bugs I filed about this (all closed: KeePassXC doesn’t care about “only broken on one distro” (i.e., Fedora and all its offspring), Bazzite (rightfully) points upstream to Fedora, and Fedora says they’re not messing with Autotype things until KeePassXC supports Qt 6 (I think that’s what they mean – they pointed to a KeePassXC WIP issue))

github.com/keepassxreboot/keepassxc

AutoType Getting Case of Letters Wrong

opened 12:15PM - 04 Mar 26 UTC

closed 01:27PM - 04 Mar 26 UTC

ourichermath

platform: Linux feature: Auto-Type

### Have you searched for an existing issue? - [x] Yes, I tried searching and r…eviewed the pinned issues ### Brief Summary Suddenly, even though the KeePassXC version hasn't changed, AutoType is randomly getting the case of some letters wrong in both the username and password fields. The one's I've caught are putting lower case letters in where they should be upper case letters. EDIT1: The problem is actually worse than this. It's not just a change of letter case. I opened a word processing document and repeatedly did an AutoType of an entry into it. In one case, it actually substituted a number for a special character. In 4 attempts, 2 of them were AutoTyped wrong. EDIT2: Looking at the number/special character substitution, it turns out it "lower cased" the special character into the corresponding number on its keyboard key. Also, using the manual Copy username/password function within KeePassXC seems to work fine with a standard paste (so far). OP: This started a couple of days ago with the Bazzite upgrade from version F43.20260217 to F43.20260303. It's most likely whatever's causing this is from there instead of in KeePassXC, but I thought I'd report it here just in case. Here's some device info: https://paste.centos.org/view/4e39620b and Operating System: Bazzite 43 KDE Plasma Version: 6.6.1 KDE Frameworks Version: 6.23.0 Qt Version: 6.10.2 Kernel Version: 6.17.7-ba25.fc43.x86_64 (64-bit) Graphics Platform: Wayland Processors: 16 × AMD Ryzen 7 5800X3D 8-Core Processor Memory: 16 GiB of RAM (15.5 GiB usable) Graphics Processor: AMD Radeon RX 9070 XT Manufacturer: Gigabyte Technology Co., Ltd. Product Name: B550 VISION D-P System Version: -CF ### Steps to Reproduce 1. Visit a site that requires usernames/passwords (even better, just open a word processing document and AutoType into that repeatedly) 2. Use AutoType to enter those usernames/passwords 3. If the logon fails because the username/password doesn't match, compare (if possible) the entries in the browser against what they are in the KeePass data base. ### Expected Versus Actual Behavior I expected the AutoTyped entries to match the entries in the data base. ### KeePassXC Debug Information ```Text KeePassXC - Version 2.7.11 Revision: 01e5b6e Distribution: Flatpak Qt 5.15.18 Debugging mode is disabled. Operating system: KDE Flatpak runtime CPU architecture: x86_64 Kernel: linux 6.17.7-ba25.fc43.x86_64 Enabled extensions: - Auto-Type - Browser Integration - Passkeys - SSH Agent - KeeShare - YubiKey - Secret Service Integration Cryptographic libraries: - Botan 3.7.1 ``` ### Operating System Linux ### Linux Desktop Environment KDE ### Linux Windowing System Wayland

github.com/ublue-os/bazzite

F43.20260303: KeePassXC AutoType Getting Case of Letters Wrong

opened 12:27PM - 04 Mar 26 UTC

closed 04:42PM - 04 Mar 26 UTC

ourichermath

### Describe the bug I've reported this to KeePassXC, but since nothing has cha…nged with their system for months and this started with the Bazzite upgrade from F43.20260217 to F43.20260303, I'm assuming the problem lies somewhere in something that changed with that upgrade. Suddenly, even though the KeePassXC version hasn't changed, AutoType is randomly getting the case of some letters wrong in both the username and password fields. The one's I've caught are putting lower case letters in where they should be upper case letters. So far, using the manual copy username/password process in KeePassXC has worked fine. EDIT1: The problem is actually worse than this. It's not just a change of letter case. I opened a word processing document and repeatedly did an AutoType of an entry into it. In one case, it actually substituted a number for a special character. In 4 attempts, 2 of them were AutoTyped wrong. EDIT2: Looking at the number/special character substitution, it turns out it "lower cased" the special character into the corresponding number on its keyboard key. OP (cont): Here's some device info: https://paste.centos.org/view/4e39620b and Operating System: Bazzite 43 KDE Plasma Version: 6.6.1 KDE Frameworks Version: 6.23.0 Qt Version: 6.10.2 Kernel Version: 6.17.7-ba25.fc43.x86_64 (64-bit) Graphics Platform: Wayland Processors: 16 × AMD Ryzen 7 5800X3D 8-Core Processor Memory: 16 GiB of RAM (15.5 GiB usable) Graphics Processor: AMD Radeon RX 9070 XT Manufacturer: Gigabyte Technology Co., Ltd. Product Name: B550 VISION D-P System Version: -CF ### What did you expect to happen? I expected the AutoTyped entries to match the entries in the data base. ### Session Logs ```shell https://paste.centos.org/view/84113eb3 ``` ### Hardware Operating System: Bazzite 43 KDE Plasma Version: 6.6.1 KDE Frameworks Version: 6.23.0 Qt Version: 6.10.2 Kernel Version: 6.17.7-ba25.fc43.x86_64 (64-bit) Graphics Platform: Wayland Processors: 16 × AMD Ryzen 7 5800X3D 8-Core Processor Memory: 16 GiB of RAM (15.5 GiB usable) Graphics Processor: AMD Radeon RX 9070 XT Manufacturer: Gigabyte Technology Co., Ltd. Product Name: B550 VISION D-P System Version: -CF ### Extra information or context _No response_

Danathar · March 7, 2026, 3:46pm

Been thinking about your situation…as I lurked your thread

Here is my take. Opinion, of course.

Wayland is not X11, and X11 is not Wayland.

As far as KeePassXC goes, it is up to the developers to make their software work within the design and limitations of the Wayland stack. If Wayland’s security model does not allow something like traditional X11-style Auto Type, then KeePassXC may simply not be able to offer that feature under Wayland. KeePassXC itself states that Auto Type on Linux works only in an X11 session, not Wayland.

That may suck for the KeePassXC developers and for users because it can mean losing a feature that previously worked under X11. But if the platform does not provide a supported way to implement it, then it simply is not going to happen.

A somewhat similar example is 1Password (which I use). If you install 1Password as a Flatpak, communication between the browser extension and the desktop app can break. That is due to Flatpak’s sandboxing limits. It may very well be that AgileBits cannot support that feature when 1Password is installed as a Flatpak. I’ve just made the decision to use the Flatpak and accept that browser plugin to app communication is broken. The only solution is running Firefox and 1Password out of Distrobox or building my own custom image. For my desktop, I’ve chosen to stay on the mainline Aurora image rather than do my own custom (which I do for other stuff) because I value the integration testing the Universal Blue team does, and once I build my own image, now I have to take on some of that responsibility.

Tradeoffs. Some things are simply not solvable in the same way they worked before. If a feature you rely on is critical, you have to decide what you value more: the platform, the application, or the specific feature. You may need to switch to another password manager or use a system that still supports X11.

dallebrinaar · March 7, 2026, 6:53pm

From what I’ve been able to find, it looks like Autotype can’t work properly for any password manager. Wayland just doesn’t support the inter-app communication needed (and, apparently, won’t ever support it because of their security model). Everyone seems to be waiting for someone else (like KDE, I guess) to come up with a mechanism that will allow the needed inter-app communication in such a way that will work with Wayland (and possibly between flatpak sandboxes). I was mostly ok with that. But then this random lower-case thing happened.

I’ve been looking for other local, non-cloud password managers to try. But, really, the goto for Linux seems to be KeePassXC. I really don’t want to try a cloud-based password manager, but I’m starting to consider it. Of course, as you say, the inter-app communication problem exists there.

If I were to try a cloud-based password manager, I’m not sure which I’d try. The one I keep seeing recommended is Bitwarden. But, I’m wondering about Proton Pass since I already have access to it via my existing email subscription through them.

Danathar · March 7, 2026, 11:50pm

Well for what is worth, I’ve been a 1password user for over 10 years and been quite happy

inffy · March 8, 2026, 8:05am

I’ve been using Proton Pass from almost right when they launched it. It has worked fine but I mostly just use it with my browser and with their extension.

There is a unofficial flatpak for the desktop app but it won’t really provide anything extra.

dallebrinaar · March 8, 2026, 11:38am

Maybe I need to get a bit more serious about changing my password manager from KeePassXC. The following regards Secure Blue instead of Universal Blue, but still…:

github.com/secureblue/secureblue

[FEAT] Remove Qt 5

opened 01:22PM - 17 Feb 26 UTC

nihil-admirari

enhancement

### Benefit Mainstream support ended on [25 May 2025](https://endoflife.date/qt…). According to https://github.com/keepassxreboot/keepassxc/issues/7774, Gentoo and Alpine consider removing Qt 5 from their repositories. Silverblue [explicitly installs Qt 5 packages](https://pagure.io/workstation-ostree-config/blob/main/f/silverblue-common.yaml). Removing an unsupported framework receiving only ad-hoc patches from the KDE team will improve security. ### Solution ```sh dnf remove '*qt5*' ``` or BlueBuild equivalent of the above. ### Alternatives None. ### Declaration - [x] I agree to follow this project's [Code of Conduct](https://secureblue.dev/code-of-conduct). - [x] I declare that this is not a request for alternate community messaging or social platforms. - [x] I declare that I have read the [secureblue website](https://secureblue.dev/#about) and my feature request is in-scope.

“On a related note: KeePassXC failed to upgrade to Qt 6 in 6 years: keepassxreboot/keepassxc#7774. Maybe makes sense to remove it from curated Bazaar apps with GNOME Secrets taking its place? It’s not as feature-rich as KeePassXC, but at least it doesn’t depend on an outdated framework.”

dallebrinaar · March 9, 2026, 7:31pm

In case anyone’s looking for a script to set up the integration between KeePassXC (flatpak) and Brave (flatpak) on Bazzite (actually Kinoite – but since that’s also an atomic offshoot of Fedora, I figured it would work for Bazzite), I found this:

gist.github.com

https://gist.github.com/jim60105/314a696f94f308d9fbea5d0ea71bd76d

setup-brave-keepassxc.sh

#!/bin/bash
# Copyright (C) 2025 Jim Chen, licensed under GPL-3.0-or-later
#
# This script is rewritten from the solutions provided in the following comments, credited to Sergei von Alis(gasinvein) and Zihad(tazihad):
# - https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1153736766
# - https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-1170629567
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or

This file has been truncated. show original

I did my best to look it over and compare it to other sources of manually configuring this and it seems good. It does seem to work.

Topic		Replies	Views
Installing 1Password in Bluefin, a better way? Bluefin	39	3376	September 19, 2025
Bazaar Crashing on Startup Bazzite	38	2823	July 24, 2025
Call for Testing: Bazaar as a Flathub store Bluefin	130	4723	June 23, 2025
Bazzite Buzz #12 Bazzite bazzite-news	2	4712	April 24, 2024
Bazzite July 2025 Update: Bazaar, Z13, Kernel 6.15, Steam Hardware Survey Bazzite announcements , bazzite-news	68	19606	July 17, 2025

Related topics