Linux Keyring
Here are a few tips on using the Linux Keyring.
secret-tool
Store and retrieve passwords from the keyring.
Install
sudo apt install libsecret-tools
Description
From man secret-tool
Each password is stored in an item. Items are uniquely identified by a set of attribute keys and values. When storing a password you must specify unique pairs of attributes names and values, and when looking up a password you provide the same attribute name and value pairs.
--label= Mainly for GUI programs but can be used to retrieve a given secret.
{attribute}= Used by the secret-tool for retrieving or deleting a given secret.
{value}= Used by the secret-tool for retrieving or deleting a given secret.
Usage
Add an entry
secret-tool store --label='My Label' {attribute} {value} {attribute2} {value2} [...]
Password:
Get a password
secret-tool lookup {attribute} {value} {attribute2} {value2} [...]
P4s$W0rd
Show entries with similar key/values
secret-tool search --all {attribute} {value} {attribute2} {value2} [...]
[/org/freedesktop/secrets/collection/TestDB/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
label = test2
secret = P4s$W0rd
created = 2020-05-08 17:58:08
modified = 2020-05-08 21:16:04
schema = (null)
attribute.Path = /test2
attribute.Uuid = 04706d96b2404a2f96de02a8a76bf113
attribute.UserName = chuck
attribute.URL =
attribute.Notes =
attribute.Title = test2
attribute.Key1 = Value1
attribute.Key2 = Value2
Delete an entry
secret-tool clear {attribute} {value} {attribute2} {value2} [...]
# Popup from KeePassXC:
Do you really want to move entry "test2" to the recycle bin?
<MOVE> <CANCEL>
Additional search terms
Can create values and search them:
secret-tool search --all Title name
secret-tool search --all UserName name
secret-tool search --all URL https://www.url.com
secret-tool search --all Notes value
secret-tool search --all {attribute} {value} [...]
Tips
- Set an alias in ~/.bash_aliases:
alias get_password1='secret-tool lookup {attribute} {value} {attribute2} {value2}'
- Use in docker:
# "The operator can set any environment variable in the container by using one or more -e flags"
docker run -it --rm \
  -e AWS_ACCESS_KEY_ID="$(aws-key-id)" \
  -e AWS_SECRET_ACCESS_KEY="$(aws-key-secret)" \
  local/aws-shell
keyring
Python-Keyring command-line utility: https://pypi.org/project/keyring/
Install
sudo apt install python3-keyring
Description
From man keyring
keyring provides a way to store, lookup and delete passwords in various backends supported by Python-Keyring.
Usage
Python
You can set/get entries from a Python script or from the Python terminal
Add an entry
import getpass
import keyring

keyring.set_password("system", "username", "password")
# Same as above, but prompt for the password instead of hard-coding it
keyring.set_password('twitter', 'xkcd', getpass.getpass())
Get a password
keyring.get_password("system", "username")
CLI
You can set/get entries directly from the command line or from bash scripts, etc.
keyring --help
keyring set SERVICE USERNAME
keyring get SERVICE USERNAME
keyring del SERVICE USERNAME
Details
The commands above will set the following attributes on an entry:
- For example, running:
keyring set twitter chuckn246
- Will create an entry with the Title:
- Password for 'chuckn246' on 'twitter'
- Will set these attributes on the entry:
- application: Python keyring library
- service: twitter
- username: chuckn246
Small Gotcha
- Note that the attribute username is different from the entry's UserName (note the capitalization).
secret-tool search service twitter
[/org/freedesktop/secrets/collection/TestDB/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
label = Password for 'chuckn246' on 'twitter'
secret = twitterpassword
created = 2020-05-08 22:17:06
modified = 2020-05-08 22:17:06
schema = (null)
attribute.Path = /Password for 'chuckn246' on 'twitter'
attribute.Uuid = 3174d145b5e74435ab15cf45a5d805cb
attribute.UserName = chuck
attribute.service = twitter
attribute.URL =
attribute.Notes =
attribute.application = Python keyring library
attribute.username = chuckn246
attribute.Title = Password for 'chuckn246' on 'twitter'
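The gotcha above in code, as an added example that is not part of the original page: a parser for the `secret-tool search` output format shown here that keeps attribute names case-sensitive, masks the secret before an item is logged or pasted, and builds the matching `secret-tool lookup` command. The function names are hypothetical, the sample is abridged from the output above, and multi-line secrets are not handled.

```python
import re

# Abridged from the `secret-tool search service twitter` output on this page.
SAMPLE = """\
[/org/freedesktop/secrets/collection/TestDB/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
label = Password for 'chuckn246' on 'twitter'
secret = twitterpassword
schema = (null)
attribute.Uuid = 3174d145b5e74435ab15cf45a5d805cb
attribute.UserName = chuck
attribute.service = twitter
attribute.URL =
attribute.application = Python keyring library
attribute.username = chuckn246
attribute.Title = Password for 'chuckn246' on 'twitter'
"""

def parse_search_output(text):
    """Parse `secret-tool search` text into item dicts; attribute names stay case-sensitive."""
    items = []
    for line in text.splitlines():
        header = re.fullmatch(r"\[(.+)\]", line.strip())
        if header:
            items.append({"path": header.group(1), "attributes": {}})
            continue
        key, sep, value = line.partition(" =")
        if not sep or not items:
            continue  # blank line, or text before the first item header
        key, value = key.strip(), value.strip()
        if key.startswith("attribute."):
            items[-1]["attributes"][key[len("attribute."):]] = value
        else:
            items[-1][key] = value
    return items

def redact(item, mask="********"):
    """Return a copy that is safe to log: the secret value is masked."""
    safe = dict(item, attributes=dict(item["attributes"]))
    if "secret" in safe:
        safe["secret"] = mask
    return safe

def lookup_argv(item, keys=("service", "username")):
    """Build the secret-tool lookup argv from the lowercase attributes python-keyring sets."""
    argv = ["secret-tool", "lookup"]
    for k in keys:
        argv += [k, item["attributes"][k]]
    return argv
```
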
