Do you know how I can start an openvpn connection using a password received from secret-tool (gnome keyring)? In the configuration you can only put a password file (auth-user-pass), but I do not see how I can utilize the keyring.

Best, v.

varantir
  • I have looked for this in the past and I don't believe you can pipe a password to openvpn. You might be able to emulate keystrokes using a script but I don't recommend this approach. – Pedro May 18 '20 at 10:15
  • @Pedro: What about creating a temporary file, which is then read by auth-user-pass and destroyed afterwards? – varantir May 18 '20 at 10:18
  • May be possible, but you are asking for trouble from a security perspective. How will you pipe the password into the file? How will you delete the file (all modern file systems journal metadata, most journal data as well, none scrubs deleted data blocks by default...)? How will you ensure that the file isn't spotted and linked by another process? – Pedro May 18 '20 at 10:33

1 Answer

Follow the instructions here (but I can only get it to work once): How do you enable the secret-tool command (backed by gnome-keyring, libsecret and dbus) in a headless CentOS Docker container?

And then use $(secret-tool lookup openvpn password) as the password for openvpn. You probably need to unlock the keyring again (which is what I'm wrestling with here: Error "secret-tool: Cannot create an item in a locked collection")

alchemy
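One way to combine the temporary-file idea from the comments with the secret-tool lookup from this answer, as an added example that is not part of the original thread. It assumes an already unlocked keyring, a tmpfs at $XDG_RUNTIME_DIR (falling back to /dev/shm), and the hypothetical helper names fetch_secret, write_auth_file and connect.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: the password is stored under attribute "openvpn", value "password".

# Look up the VPN password; kept in its own function so it can be swapped out.
fetch_secret() {
    secret-tool lookup openvpn password
}

# write_auth_file USER DIR
# Creates a file holding the username on line 1 and the password on line 2
# (the layout auth-user-pass reads) and prints its path.
write_auth_file() {
    user=$1
    dir=$2
    pass=$(fetch_secret) || return 1
    [ -n "$pass" ] || { echo "empty password from keyring" >&2; return 1; }
    # mktemp creates the file exclusively, with an unpredictable name, mode 0600.
    file=$(mktemp "$dir/ovpn-auth.XXXXXX") || return 1
    printf '%s\n%s\n' "$user" "$pass" > "$file"
    unset pass
    printf '%s\n' "$file"
}

# connect USER CONFIG
# Runs OpenVPN in the foreground and removes the credentials file on exit.
connect() {
    # tmpfs keeps the file out of the on-disk journal (it can still be swapped).
    dir=${XDG_RUNTIME_DIR:-/dev/shm}
    auth=$(write_auth_file "$1" "$dir") || return 1
    trap 'rm -f "$auth"' EXIT
    trap 'exit 130' INT TERM
    sudo openvpn --config "$2" --auth-user-pass "$auth"
}

# Usage: script USER CONFIG.ovpn
if [ "$#" -eq 2 ]; then
    connect "$@"
fi
```

The file exists for as long as the OpenVPN process runs, so the protection comes from the 0600 mode and the per-user tmpfs directory rather than from a short lifetime.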