recording and retrieving "secrets" into gpg files

Damien Goutte-Gattat dgouttegattat at incenp.org
Sun Oct 2 09:52:22 CEST 2016


On 10/02/2016 12:10 AM, Arbiel (gmx) wrote:
> In fact, I wish to record "secrets" in gnome-keyrings, as seahorse does,
> and I am looking for tutorials which explain how to do so with bash
> scripts, which are the only "programs" I am able to write.

Then you might have a look at the secret-tool program (in the 
libsecret-tools package), which is a command-line client (so, it should 
be scriptable with bash) to the secret service [1].

(The "secret service" is the service responsible for managing the 
keyrings. Seahorse is only a client for that service; it does not 
manipulate the keyring itself.)

E.g., to store a secret into the default keyring:

   $ echo -n "mysecret" | secret-tool store --label="A secret" \
     hostname www.example.com

where "mysecret" is the secret to store, "A secret" is the name that 
will be displayed in Seahorse, and "hostname www.example.com" is a 
key-value pair that you can later use to search for this secret.

To retrieve this secret:

   $ secret-tool search hostname www.example.com

You will not have to use GnuPG. In fact, as far as I know GnuPG is not 
involved anywhere --- the secret service daemon encrypts the keyring 
itself, it does not use GnuPG for that.

Hope that helps,

Damien


[1] https://specifications.freedesktop.org/secret-service/
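
An added example, not part of the original message: bash wrappers around the store step above that take the secret from stdin or a no-echo prompt instead of a literal on the command line (which would land in shell history), and retrieve it with `secret-tool lookup`, which prints only the secret value. The function names and the `SECRET_TOOL` override variable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: wrappers around secret-tool for use in bash scripts.
# SECRET_TOOL is a hypothetical override so the wrappers can be exercised
# against a stand-in command when no secret service is running.
SECRET_TOOL="${SECRET_TOOL:-secret-tool}"

# store_secret LABEL ATTR VALUE [ATTR VALUE ...]
# The secret is read from stdin, so it never appears in argv.
store_secret() {
    local label="$1"; shift
    if [ $# -lt 2 ] || [ $(( $# % 2 )) -ne 0 ]; then
        echo "store_secret: attributes must be name/value pairs" >&2
        return 2
    fi
    "$SECRET_TOOL" store --label="$label" "$@"
}

# get_secret ATTR VALUE [ATTR VALUE ...]
# Prints the secret without a trailing newline; returns 1 when nothing
# matches, so callers can test the exit status instead of parsing output.
get_secret() {
    local value
    value=$("$SECRET_TOOL" lookup "$@") || return 1
    [ -n "$value" ] || return 1
    printf '%s' "$value"
}

# prompt_and_store LABEL ATTR VALUE [...]
# Interactive variant: reads the secret from the terminal with echo off,
# then pipes it to store_secret. Nothing is written to shell history.
prompt_and_store() {
    local label="$1"; shift
    local secret
    read -rs -p "Secret for $label: " secret </dev/tty
    echo >&2
    printf '%s' "$secret" | store_secret "$label" "$@"
}
```

Typical use in a script: `prompt_and_store "A secret" hostname www.example.com`, then later `pw=$(get_secret hostname www.example.com) || exit 1`.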

More information about the Gnupg-users mailing list