How do I get passwords from the keyring in the terminal for usage in scripts?
When you have a LUKS encrypted drive in your computer, Nautilus or Nemo will show it under Devices as a drive with a little lock on it.
When you click it, you need to enter a password. If you choose to remember this password forever, it gets saved to your keyring. Next boot, clicking on the drive will immediately mount it.
How do I 'immediately mount' such a drive for which the passphrase is stored in the keyring, from the terminal? I want to have an autostart script that will mount my LUKS drive when I log in. I do not want to store my passphrase in the script, I want to use the passphrase from the keyring:
If you go to Passwords And Keys, there's a bunch of nameless keys. In their properties you can find a description like gvfs-luks-uuid=xxxxxxxxxxxx and also the password for that LUKS drive. This is what Ubuntu uses.
One option I thought about is python-gnomekeyring but it can only get the keyname and password. I need what the GUI calls 'Technical Details' to get the password for a specific uuid because the keyname is always empty.
Solution 1:
You can use secret-tools to store and retrieve the password from the keyring.
To store a new password:
secret-tool store --label='Password for mydrive' drive mydrive
I'll let you check in the keyring how it appears. To look it up (this command can easily be inserted in your script):
secret-tool lookup drive mydrive
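One way to wire the secret-tool lookup from Solution 1 into a login script, as an added example that is not part of the original answers: it looks the passphrase up by the gvfs-luks-uuid attribute the question describes and hands it to udisksctl on stdin, so it never sits in the script or in a process's arguments. Assumptions: your keyring item really carries that attribute, your udisksctl supports --key-file, and the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumes the keyring item has the
# attribute gvfs-luks-uuid=<UUID> and that udisksctl supports --key-file.
SECRET_TOOL=${SECRET_TOOL:-secret-tool}   # overridable, e.g. for testing
UDISKSCTL=${UDISKSCTL:-udisksctl}

# Accept only a canonical UUID so nothing else reaches the lookup or the device path.
valid_uuid() {
    case $1 in *[!0-9a-fA-F-]*) return 1 ;; esac   # rejects slashes, spaces, newlines
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the stored passphrase. Returns 2 for a bad UUID, 1 if the item is
# missing or empty or the lookup fails (for example, the keyring is locked).
luks_passphrase() {
    valid_uuid "$1" || { echo "invalid UUID: $1" >&2; return 2; }
    pass=$("$SECRET_TOOL" lookup gvfs-luks-uuid "$1") || return 1
    [ -n "$pass" ] || return 1
    printf '%s' "$pass"
}

# Unlock the volume. printf is a shell builtin, so the passphrase travels over a
# pipe and is never an argument of an external process.
unlock_luks() {
    uuid=$1
    pass=$(luks_passphrase "$uuid") || { echo "no usable keyring entry for $uuid" >&2; return 1; }
    printf '%s' "$pass" |
        "$UDISKSCTL" unlock --block-device "/dev/disk/by-uuid/$uuid" --key-file /dev/stdin
}

# Usage: sh unlock-from-keyring.sh <LUKS-UUID>
[ $# -eq 0 ] || unlock_luks "$1"
```

Run it from an autostart entry after login, once the login keyring is unlocked; a failed lookup stops the script before udisksctl is called.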
Solution 2:
I think the only answer is through python, but there are two bugs that make things hard.
- You need to manually give your keys names (Seahorse: Descriptions) because identifying details that other applications use are not available in the python version. I have created a bug report here: https://bugs.launchpad.net/ubuntu/+source/gnome-python-desktop/+bug/1144781
- These descriptions are empty in Seahorse in the specific case of LUKS keys, but changing the empty description does actually change the key name so you can look for it in python. I have created a bug report here: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/1144703
If you are working with scripts and keyrings, please mention that these bugs affect you too.
- Bug 1144781 affects me too
- Bug 1144703 affects me too
As for the python part, here is an example:
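#!/usr/bin/env python
# Python 2 script: gnomekeyring is the Python 2 binding, hence the print statement.
import gnomekeyring as gk

keyring = 'login'
# Walk every item in the keyring and match on its display name
# (shown as "Description" in Seahorse).
keyItems = gk.list_item_ids_sync(keyring)
for keyItem in keyItems:
    key = gk.item_get_info_sync(keyring, keyItem)
    if key.get_display_name() == 'KeyName you are looking for':
        # Your script here using key.get_secret()
        print "Password:", key.get_secret()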
If you know of any other way, e.g. through simple bash commands, please let us know.
Solution 3:
Use Python Keyring Lib
It has a convenient CLI for use in shell scripts.
Installation
pip install keyring
Setting and getting keys
$ keyring set system username
Password for 'username' in 'system':
$ keyring get system username
password