Chuck Nemeth

User Tools

Site Tools

Trace:
linux:security:keyring:secret-tool

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:security:keyring:secret-tool [2021/11/09 00:26] – [Usage] chucklinux:security:keyring:secret-tool [2021/11/14 16:59] (current) chuck
Line 1: Line 1:
 ======secret-tool====== ======secret-tool======
-Store and retrieve passwords from the keyring. 
  
  
 ---- ----
  
-===Description=== +=====Description===== 
-<WRAP green announcement smaller> +Store and retrieve passwords from the keyring.
-==From man secret-tool== +
-Each password is stored in an item. Items are uniquely identified by a set of attribute keys and values. When +
-storing a password you must specify unique pairs of attributes names and values, and when looking up a  +
-password you provide the same attribute name and value pairs. +
-</WRAP>+
  
 ---- ----
Line 25: Line 19:
  
 =====Usage===== =====Usage=====
-====Flags==== +  * **Flags:** 
-  * ''%%--label%%'' = Mainly for GUI programs but can be used to retrieve a given secret. +    * ''%%--label%%'' = Mainly for GUI programs but can be used to retrieve a given secret. 
-  * ''%%{attribute}%%'' = Used by the secret-tool for retrieving or deleting a given secret. +    * ''%%{attribute}%%'' = Used by the secret-tool for retrieving or deleting a given secret. 
-  * ''%%{value}%%'' = Used by the secret-tool for retrieving or deleting a given secret. +    * ''%%{value}%%'' = Used by the secret-tool for retrieving or deleting a given secret.
- +
-----+
  
   * Add an entry:<code bash>   * Add an entry:<code bash>
 secret-tool store --label='My Label' {attribute} {value} {attribute2} {value2} [...] secret-tool store --label='My Label' {attribute} {value} {attribute2} {value2} [...]
-Password: 
 </code> </code>
   * Retrieve a password:<code bash>   * Retrieve a password:<code bash>
 secret-tool lookup {attribute} {value} {attribute2} {value2} [...] secret-tool lookup {attribute} {value} {attribute2} {value2} [...]
-P4s$W0rd 
 </code> </code>
   * Show entries with similar key/values:<code bash>   * Show entries with similar key/values:<code bash>
 secret-tool search --all {attribute} {value} {attribute2} {value2} [...] secret-tool search --all {attribute} {value} {attribute2} {value2} [...]
-[/org/freedesktop/secrets/collection/TestDB/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] 
-label = test2 
-secret = P4s$W0rd 
-created = 2020-05-08 17:58:08 
-modified = 2020-05-08 21:16:04 
-schema = (null) 
-attribute.Path = /test2 
-attribute.Uuid = 04706d96b2404a2f96de02a8a76bf113 
-attribute.UserName = chuck 
-attribute.URL =  
-attribute.Notes =  
-attribute.Title = test2 
-attribute.Key1 = Value1 
-attribute.Key2 = Value2 
 </code> </code>
- 
   * Delete an entry:<code bash>   * Delete an entry:<code bash>
 secret-tool clear {attribute} {value} {attribute2} {value2} [...] secret-tool clear {attribute} {value} {attribute2} {value2} [...]
 </code> </code>
  
-===Additional search terms=== +---- 
-Can create values and search them+====Searching==== 
-<code>+  * Generic Formatting Example:<code bash> 
 +secret-tool search --all {attribute} {value} [...] 
 +</code> 
 +  * Search ''%%Title%%'':<code bash>
 secret-tool search --all Title name secret-tool search --all Title name
 +</code>
 +  * Search ''%%UserName%%'':<code bash>
 secret-tool search --all UserName name secret-tool search --all UserName name
 +</code>
 +  * Search ''%%URL%%'':<code bash>
 secret-tool search --all URL https://www.url.com secret-tool search --all URL https://www.url.com
 +</code>
 +  * Search ''%%Notes%%'':<code bash>
 secret-tool search --all Notes value secret-tool search --all Notes value
-secret-tool search --all {attribute} {value} [...] 
 </code> </code>
  
 ---- ----
  
-====Tips==== +=====Tips===== 
-  * Set an alias in ~/.bash_aliases:<code>alias get_password1='secret-tool lookup {attribute} {value} {attribute2} {value2}'</code> +  * Set an alias in ''%%~/.bash_aliases%%'':<code bash> 
-  * Use in docker:<code> +alias get_password1='secret-tool lookup {attribute} {value} {attribute2} {value2}' 
-# "The operator can set any environment variable in the container by using one or more -e flags" +</code> 
-docker run -it --rm \ +  * Use in docker: https://www.marian-dan.ro/blog/storing-secrets-using-secret-tool/ 
-  -e AWS_ACCESS_KEY_ID=$(aws-key-id) \ + 
-  -e AWS_SECRET_ACCESS_KEY=$(aws-key-secret) \ +---
-  local/aws-shell+ 
 +====Use keyring for Ansible==== 
 +  * Create keyring entry:<code bash> 
 +secret-tool store --label='Ansible Playbook' service ansible_playbook username <username> 
 +</code> 
 +  * Create variable in playbook:<code yaml> 
 +admin_user: "username" 
 +ansible_become_pass: "{{ lookup('community.general.keyring', 'ansible_playbook {{ admin_user }}') }}"
 </code> </code>
-  * From here: https://www.marian-dan.ro/blog/storing-secrets-using-secret-tool/+  * https://docs.ansible.com/ansible/latest/collections/community/general/keyring_lookup.html
  
 ---- ----
linux/security/keyring/secret-tool.1636417599.txt.gz · Last modified: by chuck