My setup is Manjaro KDE. I don’t use full-disk encryption but encrypt some drives on demand with LUKS. I have been in the habit of letting KWallet save the passphrases, which is the default behavior.
After reading about the security shortcomings of Kwallet, see
https://bbs.archlinux.org/viewtopic.php?id=233278
I think it would be a reasonable precaution to save LUKS passphrases in a different KWallet (not the default “kwallet”) since the default wallet is always open after login and has only the weakest access control (string check of the requesting application’s name if I understand correctly.)
The only answer to the question of how to change the wallet I have found so far is from the google AI, which tells me that with the opened LUKS partition, changing the location of the wallet that has the passphrase is as simple as
cryptsetup luksChangeKey --kwallet "kwallet-name" /dev/mapper/my_luks_name
but I can find no evidence in the cryptsetup-lukschangekey man page that a --kwallet option to cryptsetup luksChangeKey even exists. Maybe this is an AI hallucination.
How do I change the kwallet that LUKS uses to look up the passphrase for encrypted drives?