Python Keyring Lib

Store and access your passwords safely. (Python 라이브러리)

What is Python keyring lib?

The Python keyring lib provides an easy way to access the system keyring service from python. It can be used in any application that needs safe password storage.

The keyring library is licensed under both the MIT license and the PSF license.

These recommended keyring backends are supported by the Python keyring lib:

• macOS Keychain
• Freedesktop Secret Service supports many DE including GNOME (requires secretstorage)
• KDE4 & KDE5 KWallet (requires dbus)
• Windows Credential Locker

How to install

$ pip install keyring

Config file path

The configuration is stored in a file named "keyringrc.cfg" found in a platform-specific location. To determine where the config file is stored, run the following:

python -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"

Some keyrings also store the keyring data in the file system. To determine where the data files are stored, run:

python -c "import keyring.util.platform_; print(keyring.util.platform_.data_root())"

Example

set 명령

python -m keyring -b keyrings.cryptfile.file.EncryptedKeyring set myservice myusername

get 명령

python -m keyring -b keyrings.cryptfile.file.EncryptedKeyring get myservice myusername

Python Code Example

• Storing passwords with Python keyring - GeeksforGeeks

import keyring as kr 

kr.set_password("GeeksforGeeks", "Dwaipayan", "Geeks@123")
print("Before deleting password ", kr.get_password("GeeksforGeeks", "Dwaipayan"))

kr.delete_password("GeeksforGeeks", "Dwaipayan") 
print("After deleting Password", kr.get_password("GeeksforGeeks", "Dwaipayan")) 

Retrieving stored username and password:

import keyring as kr

kr.set_password("GeeksforGeeks","Dwaipayan","Geeks@123")

cred = kr.get_credential("GeeksforGeeks","")
print("Username : ",cred.username) 
print("Password : ",cred.password)

Third-Party Backends

In addition to the backends provided by the core keyring package for the most common and secure use cases, there are additional keyring backend implementations available for other use cases. Simply install them to make them available:

• keyrings.cryptfile - Encrypted text file storage.
• keyring_jeepney - a pure Python backend using the secret service DBus API for desktop Linux.
• keyrings.alt - "alternate", possibly-insecure backends, originally part of the core package, but available for opt-in.
• gsheet-keyring - a backend that stores secrets in a Google Sheet. For use with ipython-secrets.
• bitwarden-keyring - a backend that stores secrets in the BitWarden password manager.
• sagecipher - an encryption backend which uses the ssh agent protocol's signature operation to derive the cipher key.
• keyrings.osx_keychain_keys - OSX keychain key-management, for private, public, and symmetric keys.

백엔드 목록은 다음 명령으로 볼 수 있다:

python -m keyring --list-backends

다음과 같은 느낌으로 출력된다:

keyrings.cryptfile.file.EncryptedKeyring (priority: 0.6)
keyring.backends.chainer.ChainerBackend (priority: 10)
keyrings.cryptfile.cryptfile.CryptFileKeyring (priority: 2.5)
keyring.backends.SecretService.Keyring (priority: 5)
keyrings.alt.file.PlaintextKeyring (priority: 0.5)
sagecipher.keyring.Keyring (priority: 1)
keyrings.cryptfile.file.PlaintextKeyring (priority: 0.5)
keyrings.alt.file.EncryptedKeyring (priority: 0.6)
keyring.backends.fail.Keyring (priority: 0)

sagecipher

sagecipher를 사용하고 싶다면 우선 ssh-agent/ssh-add를 사용.

source <(ssh-agent)
ssh-add

다음, 키링 등록

$ opy -m keyring -b sagecipher.keyring.Keyring set myservice myusername
Password for 'myusername' in 'myservice':

다음, 키링 확인

$ opy -m keyring -b sagecipher.keyring.Keyring get myservice myusername
0000

Using Keyring on headless Linux systems in a Docker container

It is possible to use keyring with the SecretService backend in Docker containers as well. All you need to do is install the necessary dependencies and add the --privileged flag to avoid any Operation not permitted errors when attempting to unlock the system's keyring.

The following is a complete transcript for installing keyring on a Ubuntu 18:04 container:

docker run -it -d --privileged ubuntu:18.04

$ apt-get update
$ apt install -y gnome-keyring python3-venv python3-dev
$ python3 -m venv venv
$ source venv/bin/activate # source a virtual environment to avoid polluting your system
$ pip3 install --upgrade pip
$ pip3 install keyring
$ dbus-run-session -- sh # this will drop you into a new D-bus shell
$ echo 'somecredstorepass' | gnome-keyring-daemon --unlock # unlock the system's keyring

$ python
>>> import keyring
>>> keyring.get_keyring()
<keyring.backends.SecretService.Keyring object at 0x7f9b9c971ba8>
>>> keyring.set_password("system", "username", "password")
>>> keyring.get_password("system", "username")
'password'

자세한 내용은 dbus-run-session 와 gnome-keyring-daemon 항목 참조.

See also

• Python
• Secure Coding#Key store
• secret-tools

Favorite site

• Github - jaraco/keyring
• keyring pypi