New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Loading secrets generated using python-keyring in different applications #485
Comments
As your link shows, this name was used since the first version of Secret Service backend. So I can only say that it was a choice of the initial author of that backend. Later in 25a63c3 we adjusted the legacy libgnome-keyring backend to use the same attributes. Ability to configure attribute names was also requested in #448. Pull requests to add support for that are welcome.
Actually, the Secret Service specification does not mention anything about schemas or how to create them. (To double-check, I cloned the xdg-specs repo and ran It looks like gnome-keyring implements it as a I also found this comment in libsecret code, which confirms that it is a gnome-keyring only feature: https://gitlab.gnome.org/GNOME/libsecret/-/blob/0.20.4/libsecret/mock/service.py#L278. |
Thx @mitya57 for your comment! You are right, grepping for
In my keyring there are items created by NetworkManager that use a different I found out that the
According to the code of this function, the schema just seems to be a normal I've just tried changing the schema in python-keyring by changing the
This works! Now search-tool outputs the new schema name 🎉
I think that changing the SecretService backend in python-keyring to set the |
Having a line like that does not hurt. But I think we should use a different reverse domain name, because we are affiliated with neither @jaraco What do you think? Maybe something like Also maybe it will be a good idea to make it configurable: if in future we make attribute names configurable, then we should also allow for changing the schema name. |
Probably there wasn't a lot more consideration given except for the convention that
Python keyring tries to stay agnostic, use defaults, and rely on standards defined by the tools with which it might interoperate. To that end, I'm a little reluctant to create a new schema specific to Python keyring. I'd prefer to adopt a (most) popular schema (probably Generic) and possible allow a user to opt-in to alternate schemas (if appropriate). Do I understand correctly that the issue here is that by using the default schema, the expected name for the service/host is Perhaps the backend could get additional support for different schemas to support the default schema and maybe a different one for KeyPassXC. Here's what I recommend:
|
I think no. If I understand correctly, For the record, gnome-keyring seems to support the following schemas:
The But the libsecret documentation says:
And to remind again, the schemas concept is GNOME-specific and is not even mentioned in the specification. |
I also think that for the generic schema any attributes can be used.
It's surprising that only only GNOME has the concept of schemas in the keyring. I never thought that |
I want to load the secrets from a (gnome-)keyring, which were created using
python-keyring, in my editor. The editor has support for loading secrets
from the keyring. However, I had a problem finding the secrets for a
specific hostname. The reason for problem is that my editor iterates over
all the items in the Login keyring until it finds one that has an attribute
called "host" matching the desired hostname. Since python-keyring uses the
attribue "service", no match is returned in my editor.
Now comes the question(s):
Is there any reason why "service" was chosen as
the attributename of the secrets stored in the Login keyring? I guess that
the chosen attribute names are not standardized, right?
This is the item in my keyring, created using the python-keyring library.
Is there also a reason why
org.freedesktop.Secret.Generic
was chosen as theschema instead of creating a new schema? I'm asking because using a
different schema would allow to add support for it in my editor.
The text was updated successfully, but these errors were encountered: