keyrings.cryptfile icon indicating copy to clipboard operation
keyrings.cryptfile copied to clipboard

Published 20 hours ago verified publisher icon frispete

Environment variable for cryptfile password key

Open martinrm77 opened this issue 1 year ago • 4 comments

I am trying to use your fantastic keyring module in automation, but it lacks a scriptet method to give it a password key for the cryptfile, it keeps using a console prompt. I can find the code to use an environment variable in the main branch, but when does it get pushed to a new version 3.10 and to pypi? Please?

Then I can use it in scripts and with the ansible keyring_info module..

martinrm77 avatar Nov 29 '23 16:11 martinrm77

Is it what you are looking after ?

from getpass import getpass
from os import getenv
from keyrings.cryptfile.cryptfile import CryptFileKeyring
import keyring
kr = CryptFileKeyring()
kr.keyring_key = getenv("MY_VAR_ENV_NAME") or getpass()

Y3NK avatar Dec 13 '23 22:12 Y3NK

No, I am looking for the functionality already in main, version 1.4.1., that takes the cryptfile password from an environment variable. I just wish it was published to pypi, so I can use it as painless as other python modules.

martinrm77 avatar Dec 14 '23 09:12 martinrm77

@frispete - it looks like the 1.3.9 tag was a bad release - the code referenced by that tag is 2+ years old despite it being tagged in 2023. The environment variable KEYRING_CRYPTFILE_PATH present on main and added Nov 13, 2023 is not in that release. It only references the keyring.platform_.data_root().

shakefu avatar Jan 31 '24 01:01 shakefu

I had similar issues in RHEL9 python 3.12. For some reason, it looks like the version I got via pip is v1.3.9 and pulling password from KEYRING_CRYPTFILE_PASSWORD env var was not working.

Using a note at the end of the README: You can avoid the interactive getpass() request for the keyring password by supplying kr.keyring_key = "your keyring password" before calling any other methods on the keyring.

I think I may have figured a bit of a work-around with the following script:

import os
from keyrings.cryptfile.cryptfile import CryptFileKeyring
kr = CryptFileKeyring()
#manually pass keyring_key pulled from env var
kr.keyring_key = os.environ['KEYRING_CRYPTFILE_PASSWORD']

#now there are no prompts for password any more:
kr.set_password("test", "user", "secret")
print(kr.get_password("test", "user"))

I don't know if there are any security implications, but this works to get rid of prompt.

numericOverflow avatar Sep 27 '24 23:09 numericOverflow