Home / ubuntu / Questions / 262698
Accepted
Redsandro
Asked: 2013-03-02 06:09:15 +0800 CST

How do I get passwords from the keyring in the terminal for usage in scripts?

  • 772

When you have a LUKS encrypted drive in your computer, Nautilus or Nemo will show it under Devices as a drive with a little lock on it.

When you click it, you need to enter a password. If you choose to remember this password forever, it gets saved to your keyring. Next boot, clicking on the drive will immediately mount it.

How do I 'immediately mount' such a drive for which the passphrase is stored in the keyring, from the terminal? I want to have an autostart script that will mount my LUKS drive when I log in. I do not want to store my passphrase in the script, I want to use the passphrase from the keyring:

If you go to Passwords And Keys, there's a bunch of nameless keys. In their properties you can find a description like gvfs-luks-uuid=xxxxxxxxxxxx and also the password for that LUKS drive. This is what Ubuntu uses.

One option I thought about is python-gnomekeyring but it can only get the keyname and password. I need what the GUI calls 'Technical Details' to get the password for a specific uuid because the keyname is always empty.

command-line

3 Answers

  1. You can use secret-tools to store and retrieve the password from the keyring.

    To store a new password:

    secret-tool store --label='Password for mydrive' drive mydrive

    I let you check in the keyring how it appears. To look it up (this command can easily be inserted in your script):

    secret-tool lookup drive mydrive
    • 43
  2. Best Answer

    I think the only answer is through python, but there are two bugs that make things hard.

    1. You need to manually give your keys names (Seahorse: Descriptions) because identifying details that other applications use are not available in the python version. I have created a bug report here: https://bugs.launchpad.net/ubuntu/+source/gnome-python-desktop/+bug/1144781
    2. These descriptions are empty in Seahorse in the specific case of LUKS keys, but changing the empty description does actually change the key name so you can look for it in python. I have created a bug report here: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/1144703

    If you are working with scripts and keyrings, please mention that these bugs affect you too.

    As for the python part, here is an example:

    #!/usr/bin/env python

import gnomekeyring as gk

keyring = 'login'
keyItems = gk.list_item_ids_sync(keyring)

for keyItem in keyItems:
    key = gk.item_get_info_sync(keyring, keyItem)
    if  key.get_display_name() == 'KeyName you are looking for':
        # Your script here using key.get_secret()
        print "Password:", key.get_secret()

    If you know of any other way, e.g. through simple bash commands, please let us know.

    • 10

  3. Use Python Keyring Lib

    It has a convenient CLI for use in shell scripts.

    Installation

    pip install keyring

    Setting and getting keys

    $ keyring set system username
Password for 'username' in 'system':
$ keyring get system username
password
    • 8