This project is a culmination of scripts and plugins to help use gnome-keyring as a single password store for various apps.
Note: Most of the plugins provided expect the bin/keyring script included in the repository to be available in your path.
- Dependencies:
- gnome-keyring
- python-gnomekeyring
This script allows you to perform some basic operations on your keyring:
Usage: keyring [options] <command> [command args]
Commands:
list - list all stored keys
set [<key>] - set a key
get/password <key> - get a password for the given key
prompt - Open a dialog prompting for the key to use, then putting the
resulting pass on the clipboard.
delete <key> - delete the entry for the given key
username <domain> - get the username for the given domain
smtp - set a smtp password (msmtp format)
link <key> <key> [<key> ...] - link one or more keys together
Note that this is a feature unique to this script and
won't be supported by other programs reading directly
from gnome-keyring.
Options:
-h, --help show this help message and exit
-k KEYRING, --keyring=KEYRING
the keyring to use (default: login)
--hash=HASH run the password through the specified hash before
outputting it
--salt combined with --hash, the key will be used as a salt
--pbkdf2 use pbkdf2 with optional --hash and --salt to hash the
password for output
-t TEMPFILE, --tempfile=TEMPFILE
write get/password/username to a tempfile (deleted 1s
after creation)
-c, --clipboard write get/password/username to a clipboard (cleared
10s after being set). Requires xclip
-p, --paste when used with 'prompt', paste the result password
into the currently focused field. Requires xdotool
A vimperator plugin is provided which can be used to populate username/password fields on web site login forms by pulling the information from the keyring based on the current domain.
To install this plugin simply add the absolute path to the keyring's vimperator
directory to your vimperator runtimepath in your ~/.vimperatorrc file:
set runtimepath+=/path/to/keyring/vimperator
After you've installed the plugin, the next step is to store your credentials
for a domain in the keyring using the format username@domain where username
can be an email address if necessary:
./bin/keyring set myuser@somesite.com ./bin/keyring set myuser@gmail.com@somesite.com
When deciding what domain to suffix the key with, please be aware that the vimperator plugin will use the full domain name, but will strip off common prefixes (www, www\d*, wwws, us, login, sitekey, secure):
www.site.com -> site.com www1.site.com -> site.com users.site.com -> users.site.com (no change)
Once you've added your credentials for a given site to the keyring, you can
then navigate to that site's login page and simply run :keyring login and the
username/password fields should be populated, allowing you to then manually
submit the form.
Note that the plugin will log some general debug info to the firebug console allowing to get an idea of what is happening behind the scenes.
Here is a full usage for the :keyring command:
Usage:
:keyring login
Attempt to find the username/password fields and populate them.
:keyring username
Populate the current (or last) focused input with the username.
:keyring password
Populate the current (or last) focused password input with the password.
Note: this will only populate the input if it is of type 'password'.
The pentadactyl plugin is just like the vimperator plugin, but you instead add
the keyring's pentadactyl directory the runtimepath in your
~/.pentadactylrc file:
set runtimepath+=/path/to/keyring/pentadactyl
An irssi plugin is provided allowing you to authenticate all or individually configured accounts using gnome-keyring.
You can install the plugin by copying or symlinking the irssi/scripts/keyring.pl file to your irssi scripts directory (~/.irssi/scripts) and then adding a corresponding load line to your irssi startup file (~/.irssi/startup):
load keyring.pl
After installing the keyring.pl plugin, you then need to create a login file
in your irssi config directory (~/.irssi/login) with a list of connection
commands, one per line, where the special <password> token is replaced with
the password obtained from the keyring.
Here is an example file to authenticate a freenode account and a google talk account:
connect irc.freenode.net 6667 <password> mynick xmppconnect -host talk.google.com myuser@gmail.com <password>
Note that if the actual key used in the keyring for that account differs from
the username specified in the connection string, you can use the
<password:key> syntax to specify the key to use when looking up the
password:
xmppconnect -host talk.google.com myuser@gmail.com <password:myuser@gmail.com@irssi>
Once you've created the login file, you can then use the /keyring [username]
command in irssi to authenticate all or individual accounts:
/keyring /keyring username
Similar to using /names in a channel, supplying the special username
names to /keyring will print a list of available usernames:
This feature can also be used with irssi's /set command if you have a
sensitive setting value. Any lines in your login file in the form of:
set some_var <password>
Will use the variable name (some_var in this example) as the keyring key to
lookup, and will substitute in the retrieved value to be set on that variable in
irssi.
/keyring names
The keyring python module included at bin/keyring can also be used in conjunction with offlineimap.
The first step is to set the pythonfile setting in your ~/.offlineimaprc
file:
pythonfile = /path/to/keyring/bin/keyring
Then for each of your email repository configs in your ~/.offlineimaprc, you
can set the remotepasseval setting to pull the password from the keyring:
remotepasseval = Keyring().get('me@domain.com')
When configured using --with-gnome-keyring, msmtp supports pulling
credentials from gnome-keyring. The only caveat is that msmtp requires that the
credentials be stored in a very specific format in the keyring. To store keys in
the proper format, the bin/keyring script provides a dedicated smtp command
which will prompt you for the appropriate values:
./bin/keyring smtp
For other programs the keyring script provides a prompt command which will
open a dialog (pygtk) where you can enter the key to use and the keyring script
will put the resulting password into your clipboard for 10 seconds during which
time you can paste it into the password field of whatever app you are using:
./bin/keyring prompt
If you would like the paste step to be performed for you, you can supply the
--paste argument. Be careful though since this command cannot determine if the
currently focused input is a text field or not, so it would paste into a clear
text field exposing your password to anyone watching over your shoulder.
./bin/keyring prompt --paste
You can create a mapping to this command in your preferred window manager to provide easy access to your keyring.