Question

10

How do I get passwords from the keyring in the terminal for usage in scripts?

rated 0 times [ 10] [ 0] / answers: 1 / hits: 38088 / 3 Years ago, sun, august 1, 2021, 8:08:27

When you have a LUKS encrypted drive in your computer, Nautilus or Nemo will show it under Devices as a drive with a little lock on it.

When you click it, you need to enter a password. If you choose to remember this password forever, it gets saved to your keyring. Next boot, clicking on the drive will immediately mount it.

How do I 'immediately mount' such a drive for which the passphrase is stored in the keyring, from the terminal? I want to have an autostart script that will mount my LUKS drive when I log in. I do not want to store my passphrase in the script, I want to use the passphrase from the keyring:

If you go to Passwords And Keys, there's a bunch of nameless keys. In their properties you can find a description like gvfs-luks-uuid=xxxxxxxxxxxx and also the password for that LUKS drive. This is what Ubuntu uses.

One option I thought about is python-gnomekeyring but it can only get the keyname and password. I need what the GUI calls 'Technical Details' to get the password for a specific uuid because the keyname is always empty.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

neasinient

Add To Favorites

Follow

Total Points: 491

Total Questions: 120

Total Answers: 93

Location: The Bahamas

Member since Mon, Aug 2, 2021

3 Years ago

answered 3 Years ago adedes · Accepted Answer

I think the only answer is through python, but there are two bugs that make things hard.

You need to manually give your keys names (Seahorse: Descriptions) because identifying details that other applications use are not available in the python version. I have created a bug report here: https://bugs.launchpad.net/ubuntu/+source/gnome-python-desktop/+bug/1144781

These descriptions are empty in Seahorse in the specific case of LUKS keys, but changing the empty description does actually change the key name so you can look for it in python. I have created a bug report here: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/1144703

If you are working with scripts and keyrings, please mention that these bugs affect you too.

Bug 1144781 affects me too

Bug 1144703 affects me too

As for the python part, here is an example:

#!/usr/bin/env python



import gnomekeyring as gk



keyring = 'login'

keyItems = gk.list_item_ids_sync(keyring)



for keyItem in keyItems:

    key = gk.item_get_info_sync(keyring, keyItem)

    if  key.get_display_name() == 'KeyName you are looking for':

        # Your script here using key.get_secret()

        print "Password:", key.get_secret()

If you know of any other way, e.g. through simple bash commands, please let us know.