Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Environment variable for cryptfile password key #32

Open
martinrm77 opened this issue Nov 29, 2023 · 4 comments
Open

Environment variable for cryptfile password key #32

martinrm77 opened this issue Nov 29, 2023 · 4 comments

Comments

@martinrm77
Copy link

I am trying to use your fantastic keyring module in automation, but it lacks a scriptet method to give it a password key for the cryptfile, it keeps using a console prompt.
I can find the code to use an environment variable in the main branch, but when does it get pushed to a new version 3.10 and to pypi?
Please?

Then I can use it in scripts and with the ansible keyring_info module..
@Y3NK
Copy link

Y3NK commented Dec 13, 2023

Is it what you are looking after ?

from getpass import getpass
from os import getenv
from keyrings.cryptfile.cryptfile import CryptFileKeyring
import keyring
kr = CryptFileKeyring()
kr.keyring_key = getenv("MY_VAR_ENV_NAME") or getpass()

@martinrm77
Copy link
Author

No, I am looking for the functionality already in main, version 1.4.1., that takes the cryptfile password from an environment variable. I just wish it was published to pypi, so I can use it as painless as other python modules.

@shakefu
Copy link

shakefu commented Jan 31, 2024

@frispete - it looks like the 1.3.9 tag was a bad release - the code referenced by that tag is 2+ years old despite it being tagged in 2023. The environment variable KEYRING_CRYPTFILE_PATH present on main and added Nov 13, 2023 is not in that release. It only references the keyring.platform_.data_root().

@numericOverflow
Copy link

I had similar issues in RHEL9 python 3.12. For some reason, it looks like the version I got via pip is v1.3.9 and pulling password from KEYRING_CRYPTFILE_PASSWORD env var was not working.

Using a note at the end of the README:
You can avoid the interactive getpass() request for the keyring password by supplying kr.keyring_key = "your keyring password" before calling any other methods on the keyring.

I think I may have figured a bit of a work-around with the following script:

import os
from keyrings.cryptfile.cryptfile import CryptFileKeyring
kr = CryptFileKeyring()
#manually pass keyring_key pulled from env var
kr.keyring_key = os.environ['KEYRING_CRYPTFILE_PASSWORD']

#now there are no prompts for password any more:
kr.set_password("test", "user", "secret")
print(kr.get_password("test", "user"))

I don't know if there are any security implications, but this works to get rid of prompt.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@shakefu @numericOverflow @Y3NK @martinrm77