keyring MITkeyring (🥉27 · ⭐ 630) - Store and access your passwords safely. MIT

Related tags

Cryptography keyring
Overview
tests Code style: Black https://readthedocs.org/projects/keyring/badge/?version=latest https://tidelift.com/badges/package/pypi/keyring Join the chat at https://gitter.im/jaraco/keyring

The Python keyring library provides an easy way to access the system keyring service from python. It can be used in any application that needs safe password storage.

These recommended keyring backends are supported:

Other keyring implementations are available through Third-Party Backends.

Installation - Linux

On Linux, the KWallet backend relies on dbus-python, which does not always install correctly when using pip (compilation is needed). For best results, install dbus-python as a system package.

Using Keyring

The basic usage of keyring is pretty simple: just call keyring.set_password and keyring.get_password:

>>> import keyring
>>> keyring.set_password("system", "username", "password")
>>> keyring.get_password("system", "username")
'password'

Command-line Utility

Keyring supplies a keyring command which is installed with the package. After installing keyring in most environments, the command should be available for setting, getting, and deleting passwords. For more information on usage, invoke with no arguments or with --help as so:

$ keyring --help
$ keyring set system username
Password for 'username' in 'system':
$ keyring get system username
password

The command-line functionality is also exposed as an executable package, suitable for invoking from Python like so:

$ python -m keyring --help
$ python -m keyring set system username
Password for 'username' in 'system':
$ python -m keyring get system username
password

Configuring

The python keyring lib contains implementations for several backends. The library will attempt to automatically choose the most suitable backend for the current environment. Users may also specify the preferred keyring in a config file or by calling the set_keyring() function.

Config file path

The configuration is stored in a file named "keyringrc.cfg" found in a platform-specific location. To determine where the config file is stored, run the following:

python -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"

Some keyrings also store the keyring data in the file system. To determine where the data files are stored, run:

python -c "import keyring.util.platform_; print(keyring.util.platform_.data_root())"

Config file content

To specify a keyring backend, set the default-keyring option to the full path of the class for that backend, such as keyring.backends.OS_X.Keyring.

If keyring-path is indicated, keyring will add that path to the Python module search path before loading the backend.

For example, this config might be used to load the SimpleKeyring from the simplekeyring module in the ./demo directory (not implemented):

[backend]
default-keyring=simplekeyring.SimpleKeyring
keyring-path=demo

Third-Party Backends

In addition to the backends provided by the core keyring package for the most common and secure use cases, there are additional keyring backend implementations available for other use-cases. Simply install them to make them available:

Write your own keyring backend

The interface for the backend is defined by keyring.backend.KeyringBackend. Every backend should derive from that base class and define a priority attribute and three functions: get_password(), set_password(), and delete_password(). The get_credential() function may be defined if desired.

See the backend module for more detail on the interface of this class.

Keyring employs entry points to allow any third-party package to implement backends without any modification to the keyring itself. Those interested in creating new backends are encouraged to create new, third-party packages in the keyrings namespace, in a manner modeled by the keyrings.alt package. See the setup.cfg file in that project for a hints on how to create the requisite entry points. Backends that prove essential may be considered for inclusion in the core library, although the ease of installing these third-party packages should mean that extensions may be readily available.

To create an extension for Keyring, please submit a pull request to have your extension mentioned as an available extension.

Runtime Configuration

Keyring additionally allows programmatic configuration of the backend calling the api set_keyring(). The indicated backend will subsequently be used to store and retrieve passwords.

To invoke set_keyring:

# define a new keyring class which extends the KeyringBackend
import keyring.backend

class TestKeyring(keyring.backend.KeyringBackend):
    """A test keyring which always outputs same password
    """
    priority = 1

    def set_password(self, servicename, username, password):
        pass

    def get_password(self, servicename, username):
        return "password from TestKeyring"

    def delete_password(self, servicename, username, password):
        pass

# set the keyring for keyring lib
keyring.set_keyring(TestKeyring())

# invoke the keyring lib
try:
    keyring.set_password("demo-service", "tarek", "passexample")
    print("password stored successfully")
except keyring.errors.PasswordSetError:
    print("failed to store password")
print("password", keyring.get_password("demo-service", "tarek"))

Disabling Keyring

In many cases, uninstalling keyring will never be necessary. Especially on Windows and macOS, the behavior of keyring is usually degenerate, meaning it will return empty values to the caller, allowing the caller to fall back to some other behavior.

In some cases, the default behavior of keyring is undesirable and it would be preferable to disable the keyring behavior altogether. There are several mechanisms to disable keyring:

  • Uninstall keyring. Most applications are tolerant to keyring not being installed. Uninstalling keyring should cause those applications to fall back to the behavior without keyring. This approach affects that Python environment where keyring would otherwise have been installed.
  • Configure the Null keyring in the environment. Set PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring in the environment, and the Null (degenerate) backend will be used. This approach affects all uses of Keyring where that variable is set.
  • Permanently configure the Null keyring for the user by running keyring --disable or python -m keyring --disable. This approach affects all uses of keyring for that user.

Altering Keyring Behavior

Keyring provides a mechanism to alter the keyring's behavior through environment variables. Each backend implements a KeyringBackend.set_properties_from_env, which when invoked will find all environment variables beginning with KEYRING_PROPERTY_{NAME} and will set a property for each {NAME.lower()} on the keyring. This method is invoked during initialization for the default/configured keyring.

This mechanism may be used to set some useful values on various keyrings, including:

  • keychain; macOS, path to an alternate keychain file
  • appid; Linux/SecretService, alternate ID for the application

Using Keyring on Ubuntu 16.04

The following is a complete transcript for installing keyring in a virtual environment on Ubuntu 16.04. No config file was used:

$ sudo apt install python3-venv libdbus-glib-1-dev
$ cd /tmp
$ pyvenv py3
$ source py3/bin/activate
$ pip install -U pip
$ pip install secretstorage dbus-python
$ pip install keyring
$ python
>>> import keyring
>>> keyring.get_keyring()
<keyring.backends.SecretService.Keyring object at 0x7f9b9c971ba8>
>>> keyring.set_password("system", "username", "password")
>>> keyring.get_password("system", "username")
'password'

Using Keyring on headless Linux systems

It is possible to use the SecretService backend on Linux systems without X11 server available (only D-Bus is required). In this case:

  • Install the GNOME Keyring daemon.

  • Start a D-Bus session, e.g. run dbus-run-session -- sh and run the following commands inside that shell.

  • Run gnome-keyring-daemon with --unlock option. The description of that option says:

    Read a password from stdin, and use it to unlock the login keyring or create it if the login keyring does not exist.

    When that command is started, enter a password into stdin and press Ctrl+D (end of data). After that, the daemon will fork into background (use --foreground option to block).

  • Now you can use the SecretService backend of Keyring. Remember to run your application in the same D-Bus session as the daemon.

Integration

API

The keyring lib has a few functions:

  • get_keyring(): Return the currently-loaded keyring implementation.
  • get_password(service, username): Returns the password stored in the active keyring. If the password does not exist, it will return None.
  • get_credential(service, username): Return a credential object stored in the active keyring. This object contains at least username and password attributes for the specified service, where the returned username may be different from the argument.
  • set_password(service, username, password): Store the password in the keyring.
  • delete_password(service, username): Delete the password stored in keyring. If the password does not exist, it will raise an exception.

In all cases, the parameters (service, username, password) should be Unicode text.

Exceptions

The keyring lib raises following exceptions:

  • keyring.errors.KeyringError: Base Error class for all exceptions in keyring lib.
  • keyring.errors.InitError: Raised when the keyring cannot be initialized.
  • keyring.errors.PasswordSetError: Raised when password cannot be set in the keyring.
  • keyring.errors.PasswordDeleteError: Raised when the password cannot be deleted in the keyring.

Get Involved

Python keyring lib is an open community project and eagerly welcomes contributors.

For Enterprise

Available as part of the Tidelift Subscription.

This project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.

Learn more.

Security Contact

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

Security Considerations

Each builtin backend may have security considerations to understand before using this library. Authors of tools or libraries utilizing keyring are encouraged to consider these concerns.

As with any list of known security concerns, this list is not exhaustive. Additional issues can be added as needed.

  • macOS Keychain
    • Any Python script or application can access secrets created by keyring from that same Python executable without the operating system prompting the user for a password. To cause any specific secret to prompt for a password every time it is accessed, locate the credential using the Keychain Access application, and in the Access Control settings, remove Python from the list of allowed applications.
  • Freedesktop Secret Service
    • No analysis has been performed
  • KDE4 & KDE5 KWallet
    • No analysis has been performed
  • Windows Credential Locker
    • No analysis has been performed

Making Releases

This project makes use of automated releases continuous integration. The simple workflow is to tag a commit and push it to Github. If it passes tests in CI, it will be automatically deployed to PyPI.

Other things to consider when making a release:

  • Check that the changelog is current for the intended release.

Running Tests

Tests are continuously run in Github Actions.

To run the tests locally, install and invoke tox.

Background

The project was based on Tarek Ziade's idea in this post. Kang Zhang initially carried it out as a Google Summer of Code project, and Tarek mentored Kang on this project.

Comments
  • Can't fetch password from system

    Can't fetch password from system

    I am seeing this error on Yosemite (10.10.5 (14F27))

    keyring.backends._OS_X_API.Error: (-25293, "Can't fetch password from system")

    edit: it works if I enable all applications to use the password from the keychain.

    invalid 
    opened by rgardam 54
  • Default keyring is insecure

    Default keyring is insecure

    Just using the default from the keyring module defaults to a plaintext keyring file, which is very insecure. Either default to the system keyring, an otherwise encrypted keyring, or just fail with an error if you can't actually provide a secure keyring.

    Making plaintext the default will just lead users to think they are secure when their passwords are all dumped to the disk in plain text, which is insane.


    • Bitbucket: https://bitbucket.org/kang/python-keyring-lib/issue/117
    • Originally reported by: Stavros Korokithakis
    • Originally created at: 2013-09-27T14:11:44.531
    opened by jaraco 33
  • OS X backend not working when called from cron

    OS X backend not working when called from cron

    It was recently brought to my attention that python-keyring doesn't appear to be able to retrieve a password from the OS X Keychain when called from cron. Any ideas why?

    I assumed it has to do with the keychain being locked, but I'm able to access the keychain from cron using the security program (which keyring uses as its default OS X backend), as long as my cron entry first unlocks the keychain, e.g. security unlock-keychain -p MYPASS /path/to/login.keychain && security find-generic-password -a ACCOUNT -s SERVICE -g >> outfile.log

    Also -- totally irrelevant, but -- what prompted the change to GitHub from Bitbucket? I didn't seen any discussion of it with the relevant commit, maybe I missed it.

    opened by n8henrie 22
  • In KDE Plasma, keyring uses gnome-keyring by default

    In KDE Plasma, keyring uses gnome-keyring by default

    In a relatively fresh install of Fedora 25 with KDE Plasma as the DE, seems keyring prefers to use gnome-keyring (libgnome-keyring) by default. Getting rid of gnome-keyring doesn't solve the problem, while erasing libgnome-keyring is not feasible as it is a dependency of many packages. Any chance to add some logic to detect the desktop environment and use kwallet if running under plasma?

    help wanted languishing 
    opened by mczp 21
  • pytest-runner should be in test-requirements

    pytest-runner should be in test-requirements

    It doesn't seem to be used to install or do anything after install (except for running tests).


    • Bitbucket: https://bitbucket.org/kang/python-keyring-lib/issue/105
    • Originally reported by: Matthew Thode
    • Originally created at: 2013-07-10T22:02:59.446
    opened by jaraco 21
  • Moving forward with SecretStorage and D-Bus bindings

    Moving forward with SecretStorage and D-Bus bindings

    Hi @jaraco,

    One of the major issues with Keyring on Linux is the dbus-python dependency, which has the following problems:

    • It is difficult to install from PyPI: there are no wheels, it needs the D-Bus headers installed locally and compiles itself during install.
    • It is not actively developed, and the author recommends switching to another library.

    Some time ago I created a port of SecretStorage to Jeepney, a modern pure-Python library by @takluyver. Please see mitya57/secretstorage#10 and the wip/jeepney branch. I want it to eventually become the new release of SecretStorage.

    But Jeepney only supports Python 3.5+, while Keyring aims to support Python 2. So I wonder how we should resolve this issue. I see the following possibilities:

    1. Release the branch as a separate project, like secretstorage-ng. Tweak setup.py to select secretstorage-ng for newer Pythons and secretstorage for older Pythons. The module name will not change, so secretstorage and secretstorage-ng will conflict with each other.
    2. Release the branch as secretstorage 3.0a1. PyPI will not pull it automatically, but setup.py can select secretstorage>=3.0a1 for newer Pythons.
    3. Release the branch as secretstorage 3.0. Make setup.py select secretstorage<3 for older Pythons. I think I prefer this option, but I may consider others too.
    4. Try to fork Jeepney and add Python 2 / 3.4 support?

    What do you think?

    opened by mitya57 19
  • Password exposure through process listing on OS X

    Password exposure through process listing on OS X

    Keyring delegates password setting to security on OS X. When a password is set the process is Popen'd with the password in the command. I think this exposes the password to ps, e.g. you can see the arguments to sleep here:

    >>> import subprocess
    >>> subprocess.Popen(['sleep', '100'])
    
    $ ps
    PID   TTY           TIME CMD
    50559 ttys002    0:00.01 sleep 100
    

    • Bitbucket: https://bitbucket.org/kang/python-keyring-lib/issue/145
    • Originally reported by: Sam Birch
    • Originally created at: 2014-04-29T03:27:46.155
    opened by jaraco 18
  • probs in opensuse 12.1

    probs in opensuse 12.1

    Hi, I've been using Mercurial+python's kerying+python's mercurial-keyring together in the past on my opensuse 11.4 pc to "hg push" my local repositories to the server without having to type in my password repeatedly. It worked fine there.

    However, I've experienced a problem when now running in opensuse 12.1. Initially I reported this on the issue-tracker for mercurial-keyring, at:

    https://bitbucket.org/Mekk/mercurial_keyring/issue/23/probs-in-opensuse-121

    But the author said the trace indicates that the issue is at the keyring level and that I should report it here.

    Ok then, here's the trace:

    searching for changes
    http authorization required
    realm: Mecurial Repo
    user: gurcei (fixed in .hg/hgrc)
    password: 
    ERROR:dbus.proxies:Introspect error on :1.222:/org/freedesktop/secrets/aliases/default: dbus.exceptions.DBusException: org.freedesktop.Secret.Error.NoSuchObject: The '/org/freedesktop/secrets/aliases/default' object does not exist
    ERROR:dbus.connection:Unable to set arguments ({'org.freedesktop.Secret.Item.Label': u'gurcei@@http://rapiddev/hg @ Mercurial', 'org.freedesktop.Secret.Item.Attributes': {'username': u'gurcei@@http://rapiddev/hg', 'service': u'Mercurial'}}, dbus.Struct((dbus.ObjectPath('/org/freedesktop/secrets/session/s11'), '', dbus.ByteArray('xxxxx'), 'application/octet-stream'), signature=None), True) according to signature None: <type 'exceptions.TypeError'>: Expected a string or unicode object
    ** Unknown exception encountered with possibly-broken third-party extension mercurial_keyring
    ** which supports versions unknown of Mercurial.
    ** Please disable mercurial_keyring and try your action again.
    ** If that fixes the bug please report it to the extension author.
    ** Python 2.7.2 (default, Aug 19 2011, 20:41:43) [GCC]
    ** Mercurial Distributed SCM (version 2.4.1)
    ** Extensions loaded: hgk, mercurial_keyring
    Traceback (most recent call last):
      File "/usr/bin/hg", line 38, in <module>
        mercurial.dispatch.run()
      File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 28, in run
        sys.exit((dispatch(request(sys.argv[1:])) or 0) & 255)
      File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 65, in dispatch
        return _runcatch(req)
      File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 88, in _runcatch
        return _dispatch(req)
      File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 741, in _dispatch
        cmdpats, cmdoptions)
      File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 514, in runcommand
        ret = _runcommand(ui, options, cmd, d)
      File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 831, in _runcommand
        return checkargs()
      File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 802, in checkargs
        return cmdfunc()
      File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 738, in <lambda>
        d = lambda: util.checksignature(func)(ui, *args, **cmdoptions)
      File "/usr/lib/python2.7/site-packages/mercurial/util.py", line 472, in check
        return func(*args, **kwargs)
      File "/usr/lib/python2.7/site-packages/mercurial/commands.py", line 4751, in push
        newbranch=opts.get('new_branch'))
      File "/usr/lib/python2.7/site-packages/mercurial/localrepo.py", line 1910, in push
        ret = remote.unbundle(cg, remoteheads, 'push')
      File "/usr/lib/python2.7/site-packages/mercurial/wireproto.py", line 307, in unbundle
        ret, output = self._callpush("unbundle", cg, heads=heads)
      File "/usr/lib/python2.7/site-packages/mercurial/httppeer.py", line 200, in _callpush
        r = self._call(cmd, data=fp, headers=headers, **args)
      File "/usr/lib/python2.7/site-packages/mercurial/httppeer.py", line 170, in _call
        fp = self._callstream(cmd, **args)
      File "/usr/lib/python2.7/site-packages/mercurial/httppeer.py", line 118, in _callstream
        resp = self.urlopener.open(req)
      File "/usr/lib/python2.7/urllib2.py", line 400, in open
        response = meth(req, response)
      File "/usr/lib/python2.7/urllib2.py", line 513, in http_response
        'http', request, response, code, msg, hdrs)
      File "/usr/lib/python2.7/urllib2.py", line 432, in error
        result = self._call_chain(*args)
      File "/usr/lib/python2.7/urllib2.py", line 372, in _call_chain
        result = func(*args)
      File "/usr/lib/python2.7/urllib2.py", line 884, in http_error_401
        url, req, headers)
      File "/usr/lib/python2.7/site-packages/mercurial/url.py", line 431, in http_error_auth_reqed
        self, auth_header, host, req, headers)
      File "/usr/local/lib/python2.7/site-packages/mercurial_keyring-0.5.4-py2.7.egg/mercurial_keyring.py", line 363, in basic_http_error_auth_reqed
        return basic_http_error_auth_reqed.orig(self, authreq, host, req, headers)
      File "/usr/lib/python2.7/urllib2.py", line 859, in http_error_auth_reqed
        response = self.retry_http_basic_auth(host, req, realm)
      File "/usr/lib/python2.7/urllib2.py", line 865, in retry_http_basic_auth
        user, pw = self.passwd.find_user_password(realm, host)
      File "/usr/local/lib/python2.7/site-packages/mercurial_keyring-0.5.4-py2.7.egg/mercurial_keyring.py", line 357, in find_user_password
        return self._pwd_handler.find_auth(self, realm, authuri, req)
      File "/usr/local/lib/python2.7/site-packages/mercurial_keyring-0.5.4-py2.7.egg/mercurial_keyring.py", line 242, in find_auth
        password_store.set_http_password(keyring_url, user, pwd)
      File "/usr/local/lib/python2.7/site-packages/mercurial_keyring-0.5.4-py2.7.egg/mercurial_keyring.py", line 95, in set_http_password
        password)
      File "/usr/local/lib/python2.7/site-packages/keyring-1.2.2-py2.7.egg/keyring/core.py", line 42, in set_password
        _keyring_backend.set_password(service_name, username, password)
      File "/usr/local/lib/python2.7/site-packages/keyring-1.2.2-py2.7.egg/keyring/backends/SecretService.py", line 107, in set_password
        item, prompt = self.collection.CreateItem(properties, secret, True)
      File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 68, in __call__
        return self._proxy_method(*args, **keywords)
      File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 140, in __call__
        **keywords)
      File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 620, in call_blocking
        message.append(signature=signature, *args)
    TypeError: Expected a string or unicode object
    

    • Bitbucket: https://bitbucket.org/kang/python-keyring-lib/issue/91
    • Originally reported by: Gurce Isikyildiz
    • Originally created at: 2013-02-17T22:00:07.233
    opened by jaraco 18
  • OSX install broken when using virtualenvs?

    OSX install broken when using virtualenvs?

    This lib seemed way interesting and got a bit of publicity a few weeks ago, so I decided to check it out the usual way: create a virtualenv, pip install the library inside it and play around.

    Except I didn't get anywhere: get_password would always return None (with no keychain prompt) and set_password would throw OSError: Can't store password in Keychain, in both cases whatever the service & account are. After a few reinstallations, I tried compiling from scratch (cloning from mercurial and python setup.py build… success. Both tip (4a551eda6bf8) and tag 0.2 build and work perfectly.

    Try to python setup.py install it in my virtualenv, failure again (except it now throws keyring.backend.PasswordSetError on set_password, due to being tip I guess).

    Tested the same scenario in a fresh OpenSUSE image, no issue.


    • Bitbucket: https://bitbucket.org/kang/python-keyring-lib/issue/13
    • Originally reported by: masklinn
    • Originally created at: 2009-12-30T17:10:27.189
    opened by jaraco 18
  • Keyrings unavailable on pyinstaller

    Keyrings unavailable on pyinstaller

    This error appears when I updated keyring from version 11.0.0 to version 12.2.0 and compiled my source with the pyinstaller. The source file works fine, However on running the binary I get RuntimeError: No recommended backend was available. Install the keyrings.alt package if you want to use the non-recommended backends. See README.rst for details.

    I have installed keyrings.alt, but I don't known how to use it, and how to modify my source for keyring.

    Thank for any help.

    opened by c-rei 17
  • Fix #380

    Fix #380

    Turned get_preferred_collection into a context_manager. This required no api change. I didn't take the effort to write a unittest that showed the issue.

    opened by CharString 16
  • Cannot List Backends

    Cannot List Backends

    I'm running Python 3.9.16 (under asdf-vm) and keyring 23.13.1, and cannot list backends from the command-line program. I'm not sure which backends, if any, are configured.

    $ keyring --list-backends
    Traceback (most recent call last):
      File "/home/user/.asdf/installs/python/3.9.16/bin/keyring", line 8, in <module>
        sys.exit(main())
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/keyring/cli.py", line 134, in main
        return cli.run(argv)
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/keyring/cli.py", line 59, in run
        for k in backend.get_all_keyring():
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/keyring/util/__init__.py", line 22, in wrapper
        func.always_returns = func(*args, **kwargs)
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/keyring/backend.py", line 215, in get_all_keyring
        _load_plugins()
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/keyring/backend.py", line 199, in _load_plugins
        for ep in metadata.entry_points(group='keyring.backends'):
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/importlib_metadata/__init__.py", line 856, in entry_points
        return EntryPoints(eps).select(**params)
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/importlib_metadata/__init__.py", line 853, in <genexpr>
        eps = itertools.chain.from_iterable(
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/importlib_metadata/_itertools.py", line 16, in unique_everseen
        k = key(element)
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/importlib_metadata/_py39compat.py", line 18, in normalized_name
        return dist._normalized_name
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/importlib_metadata/__init__.py", line 778, in _normalized_name
        or super()._normalized_name
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/importlib_metadata/__init__.py", line 445, in _normalized_name
        return Prepared.normalize(self.name)
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/site-packages/importlib_metadata/__init__.py", line 700, in normalize
        return re.sub(r"[-_.]+", "-", name).lower().replace('-', '_')
      File "/home/user/.asdf/installs/python/3.9.16/lib/python3.9/re.py", line 210, in sub
        return _compile(pattern, flags).sub(repl, string, count)
    TypeError: expected string or bytes-like object
    
    opened by hendursaga 0
  • Windows 11 terminal hanging

    Windows 11 terminal hanging

    Password section in hanging in Windows 11 Command Prompt A clear and concise description of what the bug is. This bug is the password hanging when I use the twine module (and the twine module uses keyring)

    To Reproduce Steps to reproduce the behavior:

    1. Install the twine module (when said below).
    2. Make a blank local python module (https://packaging.python.org/en/latest/tutorials/packaging-projects/)
    3. Enter this command: py -m twine upload --repository testpypi dist/*
    4. Enter username (for everybody - token)
    5. See error - not able to enter password.

    Expected behavior I expect that you will be unable to enter your password as it will hang repeatedly.

    Environment

    • OS: Windows 11

    Additional context

    opened by 2010person 1
  • Use the keyring python module with gnome-keyring

    Use the keyring python module with gnome-keyring

    Not exactly a bug, but a lack of documentation. Sorry if it is not the right use of keyring.

    In a shell script I can get a needed password from gnome-keyring to a variable or feed it via pipe to some program:

    passwd=$(secret-tool lookup user myname domain somehost.com)
    

    If I got it right, keyring can be used for the same purpose in a python script. I could not find any minimal working example example to do that in python with keyring module. There probably must be a better way than using os.popen(cmd).read() with the above shell command...

    The example from the README file

    $ python
      >>> import keyring
      >>> keyring.get_keyring()
      <keyring.backends.SecretService.Keyring object at 0x7f9b9c971ba8>
      >>> keyring.set_password("system", "username", "password")
      >>> keyring.get_password("system", "username")
    

    launces "KDE Wallet Service" configuration which is not relevant for me, since I use gnome-keyring...

    Thank you!

    Environment

    • OS: Ubuntu 22.04
    $ dpkg -l |grep python3-keyring
    ii  python3-keyring                               23.5.0-1                                all          store and access your passwords safely
    $ keyring --list-backends
    keyring.backends.kwallet.DBusKeyring (priority: 4.9)
    keyring.backends.fail.Keyring (priority: 0)
    keyring.backends.chainer.ChainerBackend (priority: 10)
    keyring.backends.libsecret.Keyring (priority: 4.8)
    
    opened by rkouznetsov 2
  • Decode error messages

    Decode error messages

    Currently, the macOS Keyring backend hard-codes a few error codes to messages. Better would be to use the API to resolve error codes to human-readable message strings.

    I started looking into how to do it. I imagine it goes something like:

    >> api._sec.SecCopyErrorMessageString(-25244)
    -1797030505
    

    But probably something needs to translate that integer response into a CFString object and convert that object to a Python string.

    Maybe someone would be interested in determining how to do that?

    enhancement help wanted macOS good-first-issue 
    opened by jaraco 0
  • > The intention of keyring is that the default behavior _should_ be suitable.

    > The intention of keyring is that the default behavior _should_ be suitable.

        > The intention of keyring is that the default behavior _should_ be suitable.
    

    If the presence of the chainer is causing problems, it probably shouldn't be enabled by default or at the very least should have an escape hatch (a way for a library like backintime to disable its usage). I'd be happy to support such a thing in keyring if simply honoring chainer as "appropriate" isn't suitable.

    chainer is a cool thing and my challenge is now that the keyring API and configuration should more or less be hidden to end users since it is meant for developers or customizers (it should be a black box to end users IMHO).

    So I have to give the end-user of Back In Time a simply way to configure this from the Back-in-Time-app point of view (user should not need to learn internals of keyring).

    keyring's chainer uses some "heuristics" that seems to work non-deterministically from the Application point-of-view since external installations or settings may influence the priority value (I still have not completely browsed the keyring code so this is still more opinion than fact based I admit).

    So the end user just want's to specify and persist the used "password safe" instead of a technical backend of an App-internal library.

    And until the user does specify a "password safe" the "best guess" is the chainer so the default is good IMHO.

    What would be nice in keyring to improve embedding it into an CLI or GUI app:

    1. Add a public method to query for supported "password safes" (internally asking all available backends) return a list of the "pretty-labeled" password safes and a list of responsible backend names for each password safe to be used internally by 2.

      This would allow to fill a GUI widget more easily.

      Open question: How to cope with the 1:n nature of password safe to backends in the GUI then. The end user must take a decision for a backend finally, but based on which information?

    2. Add a public method to persist the chosen backend without editing a file. An app (as keyring client) shoudn't have to know the storage location and file format (= encapsulate this in keyring). Optionally this setting could be valid only for a app (could be passed as key) but I assume that the selection should be right for every app/client then.

    3. I assume we don't need to add an API to read the config file since the active backend (dominated by an existing config file) can already be queried with get_keyring().

    ~/.config/python_keyring/keyringrc.cfg containing ... necessary to “steer” the keyring system to using the correct backend. If honoring an environment variable or some other mechanism would help, keyring would be interested in exploring making this use-case simpler.

    I think a persistence API would be more helpful than another env var (see proposal 2).

    Originally posted by @aryoda in https://github.com/bit-team/backintime/issues/990#issuecomment-1272014311

    opened by jaraco 0
  • Introduce

    Introduce "downstream testing" workflow against keyrings.alt

    In reaction to #593 - it would be neat if there was a CI workflow which would do downstream testing against keyrings.alt released version. We do similar downstream testing e.g. in DataLad (https://github.com/datalad/datalad/blob/master/.github/workflows/test_extensions.yml) and other projects (e.g. for git-annex itself - testing against datalad in https://github.com/datalad/git-annex/) which helps tremendously to keep "ecosystem" healthy. Such testing would help to avoid such issues as #593 which might cause lots of ripple effects through downstream projects.

    opened by yarikoptic 0
Releases(v23.13.1)
Owner
Jason R. Coombs
Jason R. Coombs
Kyrie Eleison - The best and unique way to encrypt some data or a file safely

Encrypt your important data and files easily and safely with Kyrie Eleison.

Billy 39 Oct 27, 2022
Hyval will store your information encrypted and decrypt it when needed

Hyval will store your information encrypted and decrypt it when needed

soroush safari 3 Oct 31, 2021
Alpkunt 9 Sep 9, 2022
smartpassgen - A cross-platform package of modules for generating, secure storage and recovery of complex, cryptographic, smart passwords on the fly.

smartpassgen - A cross-platform package of modules for generating, secure storage and recovery of complex, cryptographic, smart passwords on the fly.

null 4 Sep 4, 2021
This project aims to assist in the search for leaked passwords while maintaining a high level of privacy using the k-anonymity method.

To achieve this, the APIs of different services are used, sending only a part of the Hash of the password we want to check, for example, the first 5 characters.

Telefónica 36 Jul 6, 2022
Highly decentralized and censorship-resistant way to store key data

Beacon coin Beacon coin is a Chia singelton coin that can store data that needs to be: always available censorship resistant versioned potentially imm

Sebastjan Trepca 24 Oct 4, 2022
Modern(-ish) password hashing for your software and your servers

bcrypt Good password hashing for your software and your servers Installation To install bcrypt, simply: $ pip install bcrypt Note that bcrypt should b

Python Cryptographic Authority 947 Dec 28, 2022
Encrypt your code without a worry. Stark utilizes the base64, hashlib and Crypto lib to encrypt your code which cannot be decrypted with any online tools.

Stark Encrypt your code without a worry. Stark utilizes the base64, hashlib and Crypto lib to encrypt your code which cannot be decrypted with any onl

cliphd 3 Sep 10, 2021
Run with one command grafana, prometheus, and a python script to collect and display cryptocurrency prices and track your wallet balance.

CryptoWatch Track your favorite crypto coin price and your wallet balance. Install Create .env: ADMIN_USER=admin ADMIN_PASSWORD=admin Configure you

Rafael Zimmermann 13 Dec 13, 2022
Accept Bitcoin donations on Twitch, and integrate them into your alerts!

The system in action Check out how seamlessly the project works! Support the project You can tip me with some sats here!

Fitti 27 Jan 8, 2023
Hasher Hash, Compare and Verify your files Translations

Hasher Hash, Compare and Verify your files Translations In order to translate Hasher to a language you must add a folder with the language abbreviatio

Jeyson Flores 14 Apr 1, 2022
This program can encrypt and decrypt your files so that they can no longer be identified.

File_Cryptographer Table of Contents: About the Program Features Requirements Preview Credits Reach Me See Also About the Program: with this program,

Sina.f 6 Nov 20, 2022
Calculate your taxes from cryptocurrency gains

CoinTaxman helps you to bring your income from crypto trading, lending, ... into your tax declaration.

Jeppy 118 Dec 26, 2022
A really, really bad way to encrypt your text

deoxyencryptingnucleicacids A really, really bad way to encrypt your text. A general description of the scheme Encoding: The ascii plaintext is first

Sam Pinkerton 1 Nov 1, 2021
Encrypt Your Script Python

EncryptScritpPY Encrypt Your Script Python This Script For Encrypt Your File Python Tutorial Install [+] Open Termnal [+] Type: git clone https://gith

null 1 Oct 7, 2021
An extreme encryption for everyone, encrypt your text before sending to anyone.

An extreme encryption for everyone, encrypt your text before sending to anyone. Alphabets and numbers are going to be encrypted like a hell

Saad 6 Oct 28, 2022
DCAStack: an Automated Dollar Cost Averaging Bot for Your Crypto

Welcome to DCA Stack! An Automated Dollar Cost Averaging Bot For Your Crypto Web

null 0 Sep 3, 2022
PytoPrice is an automation program to fetch the latest price of a cryptocurrency of your choice at a user-customizable update interval.

PyToPrice (Python Crypto Price) PytoPrice is an automation program to fetch the latest price of a cryptocurrency of your choice at a user-customizable

Peter 1 Jun 16, 2022
EncryptAGit - Encrypt Your Git Repos

EncryptAGit - Encrypt Your Git Repos

midnite_runr 25 Oct 6, 2022