Skip to content

Latest commit

 

History

History
272 lines (193 loc) · 9.15 KB

README.rst

File metadata and controls

272 lines (193 loc) · 9.15 KB

Overview

This project is a culmination of scripts and plugins to help use gnome-keyring as a single password store for various apps.

Note: Most of the plugins provided expect the bin/keyring script included in the repository to be available in your path.

Dependencies:
  • gnome-keyring
  • python-gnomekeyring

bin/keyring

This script allows you to perform some basic operations on your keyring:

Usage: keyring [options] <command> [command args]

Commands:
  list - list all stored keys
  set [<key>] - set a key
  get/password <key> - get a password for the given key
  prompt - Open a dialog prompting for the key to use, then putting the
           resulting pass on the clipboard.
  delete <key> - delete the entry for the given key
  username <domain> - get the username for the given domain
  smtp - set a smtp password (msmtp format)
  link <key> <key> [<key> ...] - link one or more keys together
      Note that this is a feature unique to this script and
      won't be supported by other programs reading directly
      from gnome-keyring.

Options:
  -h, --help            show this help message and exit
  -k KEYRING, --keyring=KEYRING
                        the keyring to use (default: login)
  --hash=HASH           run the password through the specified hash before
                        outputting it
  --salt                combined with --hash, the key will be used as a salt
  --pbkdf2              use pbkdf2 with optional --hash and --salt to hash the
                        password for output
  -t TEMPFILE, --tempfile=TEMPFILE
                        write get/password/username to a tempfile (deleted 1s
                        after creation)
  -c, --clipboard       write get/password/username to a clipboard (cleared
                        10s after being set). Requires xclip
  -p, --paste           when used with 'prompt', paste the result password
                        into the currently focused field. Requires xdotool

vimperator

A vimperator plugin is provided which can be used to populate username/password fields on web site login forms by pulling the information from the keyring based on the current domain.

To install this plugin simply add the absolute path to the keyring's vimperator directory to your vimperator runtimepath in your ~/.vimperatorrc file:

set runtimepath+=/path/to/keyring/vimperator

After you've installed the plugin, the next step is to store your credentials for a domain in the keyring using the format username@domain where username can be an email address if necessary:

./bin/keyring set [email protected]
./bin/keyring set [email protected]@somesite.com

When deciding what domain to suffix the key with, please be aware that the vimperator plugin will use the full domain name, but will strip off common prefixes (www, www\d*, wwws, us, login, sitekey, secure):

www.site.com -> site.com
www1.site.com -> site.com
users.site.com -> users.site.com (no change)

Once you've added your credentials for a given site to the keyring, you can then navigate to that site's login page and simply run :keyring login and the username/password fields should be populated, allowing you to then manually submit the form.

Note that the plugin will log some general debug info to the firebug console allowing to get an idea of what is happening behind the scenes.

Here is a full usage for the :keyring command:

Usage:
  :keyring login
     Attempt to find the username/password fields and populate them.
  :keyring username
     Populate the current (or last) focused input with the username.
  :keyring password
     Populate the current (or last) focused password input with the password.
     Note: this will only populate the input if it is of type 'password'.

pentadactyl

The pentadactyl plugin is just like the vimperator plugin, but you instead add the keyring's pentadactyl directory the runtimepath in your ~/.pentadactylrc file:

set runtimepath+=/path/to/keyring/pentadactyl

irssi

An irssi plugin is provided allowing you to authenticate all or individually configured accounts using gnome-keyring.

You can install the plugin by copying or symlinking the irssi/scripts/keyring.pl file to your irssi scripts directory (~/.irssi/scripts) and then adding a corresponding load line to your irssi startup file (~/.irssi/startup):

load keyring.pl

After installing the keyring.pl plugin, you then need to create a login file in your irssi config directory (~/.irssi/login) with a list of connection commands, one per line, where the special <password> token is replaced with the password obtained from the keyring.

Here is an example file to authenticate a freenode account and a google talk account:

connect irc.freenode.net 6667 <password> mynick
xmppconnect -host talk.google.com [email protected] <password>

Note that if the actual key used in the keyring for that account differs from the username specified in the connection string, you can use the <password:key> syntax to specify the key to use when looking up the password:

xmppconnect -host talk.google.com [email protected] <password:[email protected]@irssi>

Once you've created the login file, you can then use the /keyring [username] command in irssi to authenticate all or individual accounts:

/keyring
/keyring username

Similar to using /names in a channel, supplying the special username names to /keyring will print a list of available usernames:

This feature can also be used with irssi's /set command if you have a sensitive setting value. Any lines in your login file in the form of:

set some_var <password>

Will use the variable name (some_var in this example) as the keyring key to lookup, and will substitute in the retrieved value to be set on that variable in irssi.

/keyring names

offlineimap

The keyring python module included at bin/keyring can also be used in conjunction with offlineimap.

The first step is to set the pythonfile setting in your ~/.offlineimaprc file:

pythonfile = /path/to/keyring/bin/keyring

Then for each of your email repository configs in your ~/.offlineimaprc, you can set the remotepasseval setting to pull the password from the keyring:

remotepasseval = Keyring().get('[email protected]')

msmtp

When configured using --with-gnome-keyring, msmtp supports pulling credentials from gnome-keyring. The only caveat is that msmtp requires that the credentials be stored in a very specific format in the keyring. To store keys in the proper format, the bin/keyring script provides a dedicated smtp command which will prompt you for the appropriate values:

./bin/keyring smtp

Others

For other programs the keyring script provides a prompt command which will open a dialog (pygtk) where you can enter the key to use and the keyring script will put the resulting password into your clipboard for 10 seconds during which time you can paste it into the password field of whatever app you are using:

./bin/keyring prompt

If you would like the paste step to be performed for you, you can supply the --paste argument. Be careful though since this command cannot determine if the currently focused input is a text field or not, so it would paste into a clear text field exposing your password to anyone watching over your shoulder.

./bin/keyring prompt --paste

You can create a mapping to this command in your preferred window manager to provide easy access to your keyring.