Which is still protecting secrets at rest.
What are people not getting about this? The point of a shared keyring is to enable applications to share secrets. My git tokens are shared between git, my IDE, various scripts etc.
This discussion highlights the exact issue: people don't even understand what problem or use case they are actually solving.
From what I read here, the problem is that EVIL.app can read your git tokens, too, without you having anything to say about it.
Yes, you want a system that allows sharing of those tokens between various tools, but you also want the user to be in control of which tools can share them.