Storing passwords with python keyring
The keyring library uses the standard keyring of your desktop environment, e.g. the GNOME keyring. This keyring is unlocked as soon as you log in, meaning: yes, any other application run by you has access to the password you store with your application, but -- and this is the idea of a keyring -- other users and their applications have not.
Quoting “gnome-keyring Security Philosophy”:
An example of security theater is giving the illusion that somehow one application running in a security context (such as your user session) can keep information from another application running in the same security context.
Note that the username in the set_password/get_password functions is not related to the name of the user running the application (i.e. the user whose keyring is used) but may be for example an email address, a database username, etc.
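An added example, not part of the original answer or the keyring project's code: a guard that stores a secret only when keyring resolved to an OS-backed store such as the GNOME keyring, rather than the file fallback a comment on this page describes. The backend module names and the `is_os_backed` and `store_secret` helpers are assumptions of this example.

```python
# Added example: refuse to store a secret unless keyring resolved to an
# OS-backed store. Module names are assumed from recent keyring releases.
TRUSTED_MODULES = {
    "keyring.backends.SecretService",  # GNOME keyring and other Secret Service providers
    "keyring.backends.libsecret",
    "keyring.backends.kwallet",
    "keyring.backends.macOS",
    "keyring.backends.Windows",
}
CHAINER_MODULE = "keyring.backends.chainer"


def is_os_backed(backend):
    """True if the backend (or every backend a chainer wraps) is trusted."""
    module = type(backend).__module__
    if module == CHAINER_MODULE:
        inner = list(getattr(backend, "backends", []))
        # An empty chain, or one containing a file fallback, is rejected.
        return bool(inner) and all(is_os_backed(b) for b in inner)
    return module in TRUSTED_MODULES


def store_secret(service, account, secret):
    """Store `secret`, or raise instead of writing to a file-based fallback.

    `account` is only a lookup key (an email address, a database username);
    it is unrelated to the OS user whose keyring is used.
    """
    import keyring  # imported lazily so is_os_backed() works without it

    backend = keyring.get_keyring()
    if not is_os_backed(backend):
        cls = type(backend)
        raise RuntimeError(
            f"refusing to store secret in {cls.__module__}.{cls.__name__}"
        )
    keyring.set_password(service, account, secret)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    store_secret("My namespace", "alice@example.com", "constructed-password")
    print("stored in an OS-backed keyring")
```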
umpirsky
Updated on September 18, 2022
Comments
-
umpirsky over 1 year
I'm using the keyring library to store passwords in my Python app.
    import keyring
    keyring.set_password('My namespace', username, password)
    keyring.get_password('My namespace', username)
And this works very well.
I assume that passwords are safe in the keyring; they are encrypted. But, since I can get them by username, what prevents other apps from doing the same?
Isn't that a security risk, or am I missing something?
-
Javier Rivera over 12 years
No, anyone retrieving the password will need to know (or have provided) the user login password. Try to set autologin on and then run your app. You shouldn't be able to access the stored passwords without giving your login password.
-
Cat Man Do about 9 years
It's important to note that this code running on Ubuntu Server where there is no Gnome Keyring will fall back to files with Base64 encoded values which are easily accessible.
-
AdamC almost 5 years
That link seems dead.