Ubuntu – How to get passwords from the keyring in the terminal for usage in scripts

command linekeyringsluksmountpassword

When you have a LUKS encrypted drive in your computer, Nautilus or Nemo will show it under Devices as a drive with a little lock on it.

When you click it, you need to enter a password. If you choose to remember this password forever, it gets saved to your keyring. Next boot, clicking on the drive will immediately mount it.

How do I 'immediately mount' such a drive for which the passphrase is stored in the keyring, from the terminal? I want to have an autostart script that will mount my LUKS drive when I log in. I do not want to store my passphrase in the script, I want to use the passphrase from the keyring:

If you go to Passwords And Keys, there's a bunch of nameless keys. In their properties you can find a description like gvfs-luks-uuid=xxxxxxxxxxxx and also the password for that LUKS drive. This is what Ubuntu uses.

One option I thought about is python-gnomekeyring but it can only get the keyname and password. I need what the GUI calls 'Technical Details' to get the password for a specific uuid because the keyname is always empty.

Best Answer

You can use secret-tools to store and retrieve the password from the keyring.

To store a new password:

secret-tool store --label='Password for mydrive' drive mydrive

I let you check in the keyring how it appears. To look it up (this command can easily be inserted in your script):

secret-tool lookup drive mydrive

Wifi Passwords

So as a partial solution I can confirm that migration of network manager passwords for wifi connections was successful. The procedure for network-manager passwords is:

Stop network-manager:
```
sudo service network-manager stop
```

Copy the necessary files in /etc/NetworkManager/ with:

sudo cp -r /BACKUPDESTINATION/etc/NetworkManager/{system-connections/,VPN} /etc/

Restart network-manager:
```
sudo service network-manager start
```

And you're done. I still haven't figured out how to copy passwords in the keyring (for ssh, gpg and remote-filesystems). It drives me mad!

Migrate keys and passwords

Finally I know, what was wrong. First of all the keys moved from the old ~/.gnome2/keyrings to the new ~/.local/share/keyrings. Probably due to the switch from Gnome to Unity. Also there seem to be additional files there, aside from the usual login.keyring and user.keystore. At least there where for me after a fresh install. Those hinder migration and I had to delete them.

As mentioned both user ID and user password on my new system matched their counterparts on the old system. If for you they don't, it might probably work to set the password on your old installation to blank (i.e. change your password to no password / empty password). Do that prior to backing up your old system.

Now here is what I did:

Backup the keyfile of the fresh installation in case something goes wrong:
```
mv ~/.local/share/keyrings ~/.local/share/oldkeyrings
```
Using move also makes sure that the other new files in ~/.local/share/keyrings are not there to interfere.

Copy the old keyring to the fresh installation:

mkdir ~/.local/share/keyrings && cp -r /BACKUPDESTINATION/home/$USER/.gnome2/keyrings/{login.keyring,user.keystore} ~/.local/share/keyrings

For gpg keys you'll have to copy ~/.gnupg over to the new install as well.

Make sure only you can access them and own them:

sudo chmod -R 600 ~/.local/share/keyrings/ && sudo chown -R $USER:$USER ~/.local/share/keyrings

(might not be necessary)

Log out and back in again

Best Answer

Related Solutions

Ubuntu – Full Disk Encryption with LUKS: auto mount second volume

Ubuntu – How migrate the keyring (containing ssh passprases, nautilus remote filesystem, pgp passwords) and network manager connections

Wifi Passwords

Migrate keys and passwords

Related Question