6

Like this question, I am looking for a password repository and that I can use to feed my programs and scripts with those passwords.

I found seahorse which seems to have what I need under the "Login" folder but I am not quite sure where the passwords are stored (for backup) and I don't know how to get the passwords in shell so I can pipe them into my scripts. I was under the impression that I can use gpg to access those passwords, but I don't quite know how.

Is it possible to access (and create) those passwords in terminal?

Tohiko
  • 307
  • 2
  • 9

1 Answers1

7

Seahorse is a GUI frontend to the Gnome keyring. The libsecret library comes with a command line utility called secret-tool which lets you access the Gnome keyring from the command line or a script.

Examples of secret-tool usage: for mutt, for mutt, in a shell script, in a CentOS Docker container, in a systemd unit file.

For backup purposes, the keyring file is in ~/.local/share/keyrings.

Gilles 'SO- stop being evil'
  • 807,993
  • 194
  • 1,674
  • 2,175
  • Could you add an example on how to query passwords saved in seahorse with that tool? I cannot make it work ... [See also](https://askubuntu.com/questions/470384/is-it-possible-to-use-secret-tool-to-lookup-existing-seahorse-passwords) – pLumo May 27 '20 at 15:04
  • 1
    Okay, if you know an attribute and its full value you can query it, but it seems not possible to do a fuzzy/regex search for e.g. the label. – pLumo May 27 '20 at 15:27
  • @pLumo `secret-tool search …`. But indeed I think you need to know at least one attribute. If you don't, I think the next most convenient tool is the Python API. I used it in the past [to automatically change passwords](https://unix.stackexchange.com/questions/214126/change-the-password-for-many-accounts-at-once-in-gnome-keyring). Beware that the API isn't stable, I don't know if that script still works today. – Gilles 'SO- stop being evil' May 27 '20 at 16:04
  • @Gilles'SO-stopbeingevil' you might be delighted to learn about lssecret: https://askubuntu.com/a/1155765/207933 – Frederick Nord Dec 08 '20 at 08:43
  • Would be nice to have an example to see how you could retrieve real stuff out of it. E.g. `secret-tool lookup signon_realm https://lwn.net/` (note that the value must be identical, I wasted a bit of time when avoided / at the end) will retrieve password for this site. – 0andriy Nov 03 '21 at 14:56