Can you use gnome keyring in bash script, if yes then how?

bash scripts password keyrings

7,091

Solution 1

According to this answer you can use secret-tool:

# store password
secret-tool store --label='MyLabel' server myserver user myuser key password

# retrieve password
secret-tool lookup server myserver user myuser key password

Solution 2

While searching for the same thing, I came across this question and as there was no up-to-date answer (the only answer is in a comment), here is mine:

Check out this. It can be used easily for scripting

python -c "import keyring; print(keyring.get_password('name', 'username'))"
python -c "import keyring; keyring.set_password('name', 'username', '$PASSWORD')"

and in theory should work with many keyring daemons.

7,091

mYzk

Updated on September 18, 2022

Comments

mYzk over 1 year

I am developing a automated mounting script for Windows shares. I have finished the script and it works just fine, but is it possible to add Gnome Keyring to the bash so once user writes hes/hers password then it will be saved to Gnome Keyring and later will be taken from there. Also my Windows AD users passwords have to be changed each month and is it possible to make the script so once a month has passed then the script asks for password again?

Example:

User logs in to Ubuntu and the mount script starts at login. User writes hes/hers password and the script sends it to Gnome Keyring to be saved. Next time he/she will login then password will be taken from Gnome Keyring, but if its 1st of June for example the user has to write the password again.

Code:

    #!/bin/bash
MOUNTDIR=Public
DIRNAME=Shares
DOMAIN=AD_Domain
SERVER=server.local.lan
SHARE=shared_folder

# create mountpoint for mounting
if [ ! -d ${HOME}/${DIRNAME} ]; then
        mkdir ${HOME}/${DIRNAME}
fi

# define a function that launched the zenity username dialog
get_username(){
    zenity --entry --width=300 --title="Mount $MOUNTDIR" --text="Username:"
}
# define a function that launched the zenity password dialog
get_password(){
    zenity --entry --width=300 --title="Mount $MOUNTDIR" --text="Password:" --hide-text
}

# attempt to get the username and exit if cancel was pressed.
wUsername=$(get_username) || exit

# if the username is empty or matches only whitespace.
while [ "$(expr match "$wUsername" '.')" -lt "1" ]; do
    zenity --error --title="Error in username!" --text="Please check your username! Username field can not be empty!"  || exit
    wUsername=$(get_username) || exit
done

# if the password is empty or matches only whitespace.
wPassword=$(get_password) || exit

while [ "$(expr match "$wPassword" '.')" -lt "1" ]; do
    zenity --error --title="Error in password!" --text="Please check your password! Password field can not be empty!" || exit
    wPassword=$(get_password) || exit
done

# mount windows share to mountpoint
sudo mount -t cifs //$SERVER/$SHARE ${HOME}/${DIRNAME} -o username=${wUsername},password=${wPassword},domain=${DOMAIN}

# show if mounting was OK or failed
if [ $? -eq 0 ]; then
        zenity --info --title="Mounting public share succeeded!" --text="Location Documents/Shares/public!"
else
        zenity --error --title="Mounting public did not succed!" --text="Please contact system administrator!"
fi

mYzk almost 10 years

Looked in to gnome keyring manual and seems like it only supports C programs :(
TuKsn almost 10 years

Did you read this Command-line access to GNOME keyring ?

Xaser over 8 years

The OP is mainly asking on how to use GNOME keyring in Bash script, and not Python. Unless you can show that the Python script could be integrated or linked from a Bash script, this answer may be downvoted.
Wilf over 8 years

The python code can be run from a bash script, suppose it counts IF it can interface with gnome keyring
Ivaylo Petrov over 8 years

The code snippet that I have provided can be put directly in a bash script. For example, you can have PASSWORD=$(zenity --password) and then python -c "import keyring; keyring.set_password('wifi_work_password', 'ipetrov', '$PASSWORD')" or PASSWORD=$(python -c "import keyring; print(keyring.get_password('name', 'username'))") (this will return None if no password is found, which might be bad for you, but for me it's ok).
anthony about 5 years

Putting the password ON the command line is NOT a good idea!
anthony about 5 years

It would be better in the password was NOT put on the command line.
Nicolas about 5 years

@anthony, you can add a space at the beginning of the command to not store it in the history.
anthony about 5 years

First... can you remember to put a space in front of a command? But that is not the only issue. It is also becomes visible in the process list! The ONLY time a passwd can be put on the command line is on a bash built in (like "echo") as that does not appear in the process list!
anthony about 5 years

However I retract my comment, as 'password' in this case is not THE password, but an attribute, saying the 'secret' being stored is a password. "secret-tool" always prompts (no-echo) for the 'secret', or reads from standard-input. It just wasn't clear in the example shown, or even in the manual.
anthony about 5 years

echo 'secret' | secret-tool store --label='English Description' attr value [attr value]...
anthony about 5 years

I have made notes about it, (and the in-memory 'kernel keyring' which is better for temporary caching (like when editing files), in ict.griffith.edu.au/anthony/info/crypto/passwd_caching.txt