GNOME Keyring Access for Python


Overview

Occasionally in scripts I need to securely store and then access user names and passwords to remote servers. Less security-concerned people might just hard-code the clear-text values, but this doesn’t sit well with me. In some projects I’ve used OpenSSL or GPG to encrypt and decrypt files in some random format I made up on the spot. OpenSSL wasn’t a good idea because I would have to enter a password interactively to decrypt my other passwords. GPG worked quite a bit better with gpg-agent (or in my case gnome-keyring, which implements a gpg-agent), as the secrets to the keys could be cached in memory.

Revisit GNOME Keyring

I stumbled on a blog post where someone had put together a very simple Python module, called Keyring, to interface with gnome-keyring.

The code is so simple and easy to use it’s awesome. I’m going to use this in place of other more hacky solutions (read GPG or OpenSSL described above).

What’s GNOME Keyring?

For those who don’t know, GNOME Keyring is an integral part of all GNOME desktops (read: Ubuntu for those of you brainwashed by Ubuntu Unity). When you log in, your keyring is unlocked. When you log out, it’s locked. This happens seamlessly in the background. It may not be as secure as something more explicit, because any compromised processes running as my user or root can access it. Nevertheless, it’s so convenient it’s almost stupid to not use it for most semi-secure applications.

In addition to implementing its own keyring for secret storage, it also implements a broken GPG agent and integrates with ssh-agent.

Check out GNOME Keyring if you want to learn more.

Keyring Gist
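An added example, not the gist referenced in this post: a script helper that reads a server password from GNOME Keyring and fails closed instead of falling back to a hard-coded value. It assumes the PyPI `keyring` package (whose Secret Service backend talks to gnome-keyring over D-Bus); the service name and the `MemoryBackend` stand-in are constructed for illustration.

```python
"""Read script credentials from GNOME Keyring instead of hard-coding them."""
import getpass


class SecretUnavailable(RuntimeError):
    """The keyring could not supply the secret; callers must not fall back."""


def _default_backend():
    # Assumption: the PyPI "keyring" package is installed. Imported lazily so
    # the helpers below can also be exercised with a stand-in backend.
    import keyring
    return keyring


def store_password(service, username, password, backend=None):
    backend = backend if backend is not None else _default_backend()
    backend.set_password(service, username, password)


def load_password(service, username, backend=None):
    backend = backend if backend is not None else _default_backend()
    try:
        password = backend.get_password(service, username)
    except Exception as exc:  # locked keyring, no D-Bus session, no backend
        raise SecretUnavailable(f"keyring error for {service!r}") from exc
    if not password:  # missing entry comes back as None
        raise SecretUnavailable(f"no entry for {username!r} at {service!r}")
    return password


class MemoryBackend:
    """Constructed in-memory stand-in exposing the same two methods."""

    def __init__(self):
        self._items = {}

    def set_password(self, service, username, password):
        self._items[(service, username)] = password

    def get_password(self, service, username):
        return self._items.get((service, username))


if __name__ == "__main__":
    service, user = "backup.example.internal", getpass.getuser()  # constructed
    try:
        load_password(service, user)
    except SecretUnavailable:
        # First run: prompt once without echo; the value is never printed.
        store_password(service, user, getpass.getpass(f"Password for {service}: "))
    print("credential available for", user)
```
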
