Chuck Nemeth

User Tools

Site Tools

Trace:
linux:security:keyring:secret-tool

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:security:keyring:secret-tool [2020/05/25 15:28] – [Usage] chucklinux:security:keyring:secret-tool [2021/11/14 16:59] (current) chuck
Line 1: Line 1:
 ======secret-tool====== ======secret-tool======
-Store and retrieve passwords from the keyring. 
  
-===Description=== 
-<WRAP green announcement smaller> 
-==From man secret-tool== 
-Each password is stored in an item. Items are uniquely identified by a set of attribute keys and values. When 
-storing a password you must specify unique pairs of attributes names and values, and when looking up a  
-password you provide the same attribute name and value pairs. 
-</WRAP> 
  
 ---- ----
  
-====Install==== +=====Description===== 
- +Store and retrieve passwords from the keyring.
-  * ''%%sudo apt install libsecret-tools%%''+
  
 ---- ----
  
-====Usage==== +=====Install=====
-===Flags=== +
-  * ''%%--label%%'' = Mainly for GUI programs but can be used to retrieve a given secret. +
-  * ''%%{attribute}%%'' = Used by the secret-tool for retrieving or deleting a given secret. +
-  * ''%%{value}%%'' = Used by the secret-tool for retrieving or deleting a given secret.+
  
-===Add an entry=== +====apt==== 
-<code>secret-tool store --label='My Label' {attribute} {value} {attribute2} {value2} [...] +  * Install using apt:<code bash> 
-Password:+sudo apt install libsecret-tools
 </code> </code>
  
-===Get password=== +---- 
-<code>+ 
 +=====Usage===== 
 +  * **Flags:** 
 +    * ''%%--label%%'' = Mainly for GUI programs but can be used to retrieve given secret. 
 +    * ''%%{attribute}%%'' Used by the secret-tool for retrieving or deleting a given secret. 
 +    * ''%%{value}%%'' Used by the secret-tool for retrieving or deleting a given secret. 
 + 
 +  * Add an entry:<code bash> 
 +secret-tool store --label='My Label' {attribute} {value} {attribute2} {value2} [...] 
 +</code> 
 +  * Retrieve a password:<code bash>
 secret-tool lookup {attribute} {value} {attribute2} {value2} [...] secret-tool lookup {attribute} {value} {attribute2} {value2} [...]
-P4s$W0rd 
 </code> </code>
- +  * Show entries with similar key/values:<code bash>
-===Show entries with simialr key/values=== +
-<code>+
 secret-tool search --all {attribute} {value} {attribute2} {value2} [...] secret-tool search --all {attribute} {value} {attribute2} {value2} [...]
-[/org/freedesktop/secrets/collection/TestDB/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] 
-label = test2 
-secret = P4s$W0rd 
-created = 2020-05-08 17:58:08 
-modified = 2020-05-08 21:16:04 
-schema = (null) 
-attribute.Path = /test2 
-attribute.Uuid = 04706d96b2404a2f96de02a8a76bf113 
-attribute.UserName = chuck 
-attribute.URL =  
-attribute.Notes =  
-attribute.Title = test2 
-attribute.Key1 = Value1 
-attribute.Key2 = Value2 
 </code> </code>
- +  * Delete an entry:<code bash>
-===Delete an entry=== +
-<code>+
 secret-tool clear {attribute} {value} {attribute2} {value2} [...] secret-tool clear {attribute} {value} {attribute2} {value2} [...]
-# Popup from KeePassXC:  
-Do you really want to move entry "test2" to the recycle bin? 
-                                            <MOVE> <CANCEL> 
 </code> </code>
  
-===Additional search terms=== +---- 
-Can create values and search them+====Searching==== 
-<code>+  * Generic Formatting Example:<code bash> 
 +secret-tool search --all {attribute} {value} [...] 
 +</code> 
 +  * Search ''%%Title%%'':<code bash>
 secret-tool search --all Title name secret-tool search --all Title name
 +</code>
 +  * Search ''%%UserName%%'':<code bash>
 secret-tool search --all UserName name secret-tool search --all UserName name
 +</code>
 +  * Search ''%%URL%%'':<code bash>
 secret-tool search --all URL https://www.url.com secret-tool search --all URL https://www.url.com
 +</code>
 +  * Search ''%%Notes%%'':<code bash>
 secret-tool search --all Notes value secret-tool search --all Notes value
-secret-tool search --all {attribute} {value} [...] 
 </code> </code>
  
 ---- ----
  
-====Tips==== +=====Tips===== 
-  * Set an alias in ~/.bash_aliases:<code>alias get_password1='secret-tool lookup {attribute} {value} {attribute2} {value2}'</code> +  * Set an alias in ''%%~/.bash_aliases%%'':<code bash> 
-  * Use in docker:<code> +alias get_password1='secret-tool lookup {attribute} {value} {attribute2} {value2}' 
-# "The operator can set any environment variable in the container by using one or more -e flags" +</code> 
-docker run -it --rm \ +  * Use in docker: https://www.marian-dan.ro/blog/storing-secrets-using-secret-tool/ 
-  -e AWS_ACCESS_KEY_ID=$(aws-key-id) \ + 
-  -e AWS_SECRET_ACCESS_KEY=$(aws-key-secret) \ +---
-  local/aws-shell+ 
 +====Use keyring for Ansible==== 
 +  * Create keyring entry:<code bash> 
 +secret-tool store --label='Ansible Playbook' service ansible_playbook username <username> 
 +</code> 
 +  * Create variable in playbook:<code yaml> 
 +admin_user: "username" 
 +ansible_become_pass: "{{ lookup('community.general.keyring', 'ansible_playbook {{ admin_user }}') }}"
 </code> </code>
-  * From here: https://www.marian-dan.ro/blog/storing-secrets-using-secret-tool/+  * https://docs.ansible.com/ansible/latest/collections/community/general/keyring_lookup.html
  
 ---- ----
linux/security/keyring/secret-tool.1590420523.txt.gz · Last modified: by chuck