Can you use gnome keyring in bash script, if yes then how?

Question

I am developing a automated mounting script for Windows shares. I have finished the script and it works just fine, but is it possible to add Gnome Keyring to the bash so once user writes hes/hers password then it will be saved to Gnome Keyring and later will be taken from there. Also my Windows AD users passwords have to be changed each month and is it possible to make the script so once a month has passed then the script asks for password again?

Example:

User logs in to Ubuntu and the mount script starts at login. User writes hes/hers password and the script sends it to Gnome Keyring to be saved. Next time he/she will login then password will be taken from Gnome Keyring, but if its 1st of June for example the user has to write the password again.

Code:

    #!/bin/bash
MOUNTDIR=Public
DIRNAME=Shares
DOMAIN=AD_Domain
SERVER=server.local.lan
SHARE=shared_folder

# create mountpoint for mounting
if [ ! -d ${HOME}/${DIRNAME} ]; then
        mkdir ${HOME}/${DIRNAME}
fi

# define a function that launched the zenity username dialog
get_username(){
    zenity --entry --width=300 --title="Mount $MOUNTDIR" --text="Username:"
}
# define a function that launched the zenity password dialog
get_password(){
    zenity --entry --width=300 --title="Mount $MOUNTDIR" --text="Password:" --hide-text
}

# attempt to get the username and exit if cancel was pressed.
wUsername=$(get_username) || exit

# if the username is empty or matches only whitespace.
while [ "$(expr match "$wUsername" '.')" -lt "1" ]; do
    zenity --error --title="Error in username!" --text="Please check your username! Username field can not be empty!"  || exit
    wUsername=$(get_username) || exit
done

# if the password is empty or matches only whitespace.
wPassword=$(get_password) || exit

while [ "$(expr match "$wPassword" '.')" -lt "1" ]; do
    zenity --error --title="Error in password!" --text="Please check your password! Password field can not be empty!" || exit
    wPassword=$(get_password) || exit
done

# mount windows share to mountpoint
sudo mount -t cifs //$SERVER/$SHARE ${HOME}/${DIRNAME} -o username=${wUsername},password=${wPassword},domain=${DOMAIN}

# show if mounting was OK or failed
if [ $? -eq 0 ]; then
        zenity --info --title="Mounting public share succeeded!" --text="Location Documents/Shares/public!"
else
        zenity --error --title="Mounting public did not succed!" --text="Please contact system administrator!"
fi

score 10 · Answer 1 · edited Apr 13 '17 at 12:23

10

According to this answer you can use secret-tool:

# store password
secret-tool store --label='MyLabel' server myserver user myuser key password

# retrieve password
secret-tool lookup server myserver user myuser key password

edited Apr 13 '17 at 12:23

Community

1

answered May 11 '16 at 13:07

Nicolas

233

score 5 · Answer 2 · answered Nov 25 '15 at 15:46

While searching for the same thing, I came across this question and as there was no up-to-date answer (the only answer is in a comment), here is mine:

Check out this. It can be used easily for scripting

python -c "import keyring; print(keyring.get_password('name', 'username'))"
python -c "import keyring; keyring.set_password('name', 'username', '$PASSWORD')"

and in theory should work with many keyring daemons.

DarkMukke · Answer 3 · 2020-11-11T20:24:06.677

Because I really like the python answer ( although it does create a Python dependency, but who doesn't have python installed these days ) But the python answer doesn't elaborate that much, and my example is too big for the comments, here is how I used it.

#!/usr/bin/env bash
check_keyring() {
   [[ $( python3 -c "import keyring" >/dev/null; echo $?) -eq 1 ]] &&
    pip3 --upgrade keyring
}
keyring_get() {
  local key
  key="${1}"
  check_keyring
  python3 -c "import keyring; print(keyring.get_password('myscript', '${key}'))"
}
keyring_isset() {
  local key res
  key="${1}"
  check_keyring
  res=$(python3 -c "import keyring; print(keyring.get_password('myscript', '${key}'))")
  [[ "${res}" == "None" ]] && echo 1 || echo 0
}
keyring_set() {
  local key val
  key="${1}"
  val="${2}"
  check_keyring
  python3 -c "import keyring; print(keyring.set_password('myscript', '${key}', '${val}'))" > /dev/null 2>&1
}
DB_KEY="127.0.0.1|mydb|myuser"
DB_PASSWD=""
if [[ "$(keyring_isset "${DB_KEY}")" -eq 1 ]]; then
  echo -n "PG password for ${DB_KEY}:\n"
  read -sp "" DB_PASSWD
  keyring_set "${DB_KEY}" "${DB_PASSWD}"
else
  DB_PASSWD="$(keyring_get "${DB_KEY}")"
fi
PGPASSWORD="${DB_PASSWD}" psql -h 127.0.0.1 -p 5432 -d mydb -U myuser

This is just an example, obviously this the isset doesn't work if you value is actually set to "None" and it does check if keyring is installed every time, which could create some latency, but it is a hands off dependency that way

Can you use gnome keyring in bash script, if yes then how?

3 Answers3

Linked