What does Default Keyring do exactly?

On my laptop, I’m using Brave in Fedora Qubes. The first time I open Brave in one, I’m asked to set a password for GNOMEs “Default keyring”, which I then need to enter every time I start Brave again. I want to evaluate whether it’s worth it to set a strong password for the Default keyring or not.

To make this decision, I need to know what exactly it does. Some concrete questions I have are:

  • Is Brave data securely encrypted with the default keyring password while it’s not running?
  • Would an attacker with physical access to my running laptop be unable to extract sensitive Brave data from a Brave-Qube that’s not running, assuming I’m using a sufficiently strong default keyring?
  • What kinds of data are protected by the default keyring? What about bookmarks, browsing history, login cookies, other site data, my sync password, extension data?