Clarify headless Linux credential setup for sbx v0.31.1

[yoshinoriishii]

Summary

After upgrading to sbx v0.31.1, sbx login, sbx secret ls, and sbx daemon start fail on a headless Linux VM
unless a DBus session and GNOME Keyring Secret Service session are manually initialized first.

Environment

• OS: Ubuntu 24.04 noble on a headless GCE VM
• Session type: SSH only, no desktop login session
• Package: docker-sbx 0.31.1-1 ubuntu.24.04 noble
• sbx client: v0.31.1
• User: non-root Unix user

I could not find existing guidance for the required setup on headless Linux.

Observed behavior:

Without dbus-x11 installed, sbx daemon start fails with:

ERROR: load OAuth tokens: load tokens for anthropic: load tokens: failed to open dbus connection: exec: "dbus-
launch": executable file not found in $PATH

After installing dbus-x11, dbus-launch is available, but sbx login still fails in an SSH-only session:

WARN: unknown authentication error type encountered: retrieve default account metadata: failed to prompt: prompt
dismissed

Your one-time device confirmation code is:

Open this URL to sign in: https://login.docker.com/activate?user_code=<code>

Waiting for authentication...
ERROR: auth login failed: saving credentials: failed to prompt: prompt dismissed

sbx secret ls also fails similarly:

ERROR: list credentials: failed to prompt: prompt dismissed

Manual workaround:

If I manually start a DBus session and unlock GNOME Keyring in the same shell, credential-related commands can
proceed:

eval "$(dbus-launch --sh-syntax)"
printf '\n' | gnome-keyring-daemon --unlock --components=secrets >/tmp/sbx-keyring-env
. /tmp/sbx-keyring-env
rm -f /tmp/sbx-keyring-env

Then:

sbx login
sbx secret ls

Questions

1. Is dbus-x11 / dbus-launch an expected runtime dependency for Linux installs of docker-sbx?

2. On headless Linux, is sbx expected to create or unlock the Secret Service / GNOME Keyring session itself, or
   should users provision and unlock that session before running sbx?

3. What is the recommended setup for SSH-only Linux VMs where users need to run sbx login, sbx secret set, or sbx
   daemon start?

4. Is there a supported file-based or daemon-managed credential store fallback for headless Linux environments?

5. Should the Linux package depend on, recommend, or document packages such as dbus-x11 and gnome-keyring?

Expected behavior

One of the following should be true:

• sbx login and sbx secret work in a documented headless Linux environment.
• The required Secret Service / DBus / GNOME Keyring setup is clearly documented for headless Linux environments.

Impact

This affects automated or SSH-only workspace VMs. Installing dbus-x11 resolves the missing dbus-launch error, but
it is not sufficient unless a usable and unlocked keyring session is also available.

[dvdksn]

Same issue as #180

[kiview]

Hey @yoshinoriishii, so the dependency on keyring (and hence dbus) is expected, but we did not fully consider the implications for headless sessions. We are currently looking into providing a better experience in headless Linux environments.