Ubuntu – Is it possible to use secret-tool to lookup existing seahorse passwords

command linepasswordseahorse

I found this post about getting passwords from the gnome keyring from commandline (How do I get passwords from the keyring in the terminal for usage in scripts?), and I found that secret-tool is the way to go. It's great that I can store passwords with secret-tool, but I can't seem to figure out how to lookup existing passwords that were stored using seahorse, which is what I'm really hoping to do. I don't know what attribute(s) and value(s) I would need to use to query them, and the man page is fairly vague on what these could possibly be.

Best Answer

I made a utility, lssecret, that lists all items using libsecret, including all GNOME Keyring items. It looks like libsecret automatically adds a key value pair for every item, but Seahorse doesn't show them in the GUI. Here's some example output from lssecret:

Collection: Login

Item:   Test Password
Secret: Tr0ub4dor&3
Key:    xdg:schema
Value:  org.gnome.keyring.Note

Item:   secret-tool item
Secret: s3cret-t00l
Key:    my key
Value:  my value
Key:    xdg:schema
Value:  org.freedesktop.Secret.Generic

Item:   Unlock password for: cueball@xkcd.com
Secret: correct horse battery staple
Key:    unique
Value:  ssh-store:/home/cueball/.ssh/id_rsa
Key:    xdg:schema
Value:  org.freedesktop.Secret.Generic

Item:   Network secret for GenericSSID/802-1x/password
Secret: S3cureW1f1Passw0rd
Key:    setting-name
Value:  802-1x
Key:    connection-uuid
Value:  6a762552-04b3-cd05-45ba-586688e0a029 
Key:    xdg:schema
Value:  org.freedesktop.NetworkManager.Connection
Key:    setting-key
Value:  password

GNOME Keyring stores each keyring as a collection in the secret service. You can see the default keyring, Login, in the output. The items represent:

  1. A password added to the keyring using seahorse. The description is "Test Password" and the actual password is "Tr0ub4dor&3".
  2. An item added using the command secret-tool store --label="secret-tool item" "my key" "my value", then typing "s3cret-t00l" into the prompt.
  3. A password for an ssh key so it can be automatically unlocked by gnome keyring. It was added using ssh-add from the command line, then checking the "Automatically unlock this key at login" box when it was first used.
  4. A wifi network password added by selecting "Store the password only for this user" in the NetworkManager connection editor.

As you can see, passwords added to a keyring using Seahorse have a key value pair of "xdg:schema" and "org.gnome.keyring.Note". You can list them all using secret-tool search --all xdg:schema org.gnome.keyring.Note.