Differences

This shows you the differences between two versions of the page.

--- linux:security:keyring:secret-tool [2021/11/09 00:29] – [Flags] chuck
+++ linux:security:keyring:secret-tool [2021/11/14 16:59] (current) – chuck
@@ Line 1: / Line 1: @@
 ======secret-tool======
-Store and retrieve passwords from the keyring.
 ----
-===Description===
+=====Description=====
-<WRAP green announcement smaller>
+Store and retrieve passwords from the keyring.
-==From man secret-tool==
-Each password is stored in an item. Items are uniquely identified by a set of attribute keys and values. When
-storing a password you must specify unique pairs of attributes names and values, and when looking up a
-password you provide the same attribute name and value pairs.
-</WRAP>
 ----
@@ Line 25: / Line 19: @@
 =====Usage=====
-  * Flags:
+  * **Flags:**
     * ''%%--label%%'' = Mainly for GUI programs but can be used to retrieve a given secret.
     * ''%%{attribute}%%'' = Used by the secret-tool for retrieving or deleting a given secret.
     * ''%%{value}%%'' = Used by the secret-tool for retrieving or deleting a given secret.
-----
   * Add an entry:<code bash>
 secret-tool store --label='My Label' {attribute} {value} {attribute2} {value2} [...]
-Password:
 </code>
   * Retrieve a password:<code bash>
 secret-tool lookup {attribute} {value} {attribute2} {value2} [...]
-P4s$W0rd
 </code>
   * Show entries with similar key/values:<code bash>
 secret-tool search --all {attribute} {value} {attribute2} {value2} [...]
-[/org/freedesktop/secrets/collection/TestDB/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
-label = test2
-secret = P4s$W0rd
-created = 2020-05-08 17:58:08
-modified = 2020-05-08 21:16:04
-schema = (null)
-attribute.Path = /test2
-attribute.Uuid = 04706d96b2404a2f96de02a8a76bf113
-attribute.UserName = chuck
-attribute.URL =
-attribute.Notes =
-attribute.Title = test2
-attribute.Key1 = Value1
-attribute.Key2 = Value2
 </code>
   * Delete an entry:<code bash>
 secret-tool clear {attribute} {value} {attribute2} {value2} [...]
 </code>
+----
 ====Searching====
   * Generic Formatting Example:<code bash>
@@ Line 81: / Line 57: @@
 ----
-====Tips====
+=====Tips=====
-  * Set an alias in ~/.bash_aliases:<code>alias get_password1='secret-tool lookup {attribute} {value} {attribute2} {value2}'</code>
+  * Set an alias in ''%%~/.bash_aliases%%'':<code bash>
-  * Use in docker:<code>
+alias get_password1='secret-tool lookup {attribute} {value} {attribute2} {value2}'
-# "The operator can set any environment variable in the container by using one or more -e flags"
+</code>
-docker run -it --rm \
+  * Use in docker: https://www.marian-dan.ro/blog/storing-secrets-using-secret-tool/
-  -e AWS_ACCESS_KEY_ID=$(aws-key-id) \
-  -e AWS_SECRET_ACCESS_KEY=$(aws-key-secret) \
+----
-  local/aws-shell
+====Use keyring for Ansible====
+  * Create keyring entry:<code bash>
+secret-tool store --label='Ansible Playbook' service ansible_playbook username <username>
+</code>
+  * Create variable in playbook:<code yaml>
+admin_user: "username"
+ansible_become_pass: "{{ lookup('community.general.keyring', 'ansible_playbook {{ admin_user }}') }}"
 </code>
-  * From here: https://www.marian-dan.ro/blog/storing-secrets-using-secret-tool/
+  * https://docs.ansible.com/ansible/latest/collections/community/general/keyring_lookup.html
 ----