=================
Storing passwords
=================

.. versionchanged:: 0.7.0

   Password configuration got completely overhauled.

Vdirsyncer can fetch passwords from several sources other than the config file.

Command
=======

Say you have the following configuration::

    [storage foo]
    type = "caldav"
    url = ...
    username = "foo"
    password = "bar"

But it bugs you that the password is stored in cleartext in the config file.
You can do this::

    [storage foo]
    type = "caldav"
    url = ...
    username = "foo"
    password.fetch = ["command", "~/get-password.sh", "more", "args"]

You can fetch the username as well::

    [storage foo]
    type = "caldav"
    url = ...
    username.fetch = ["command", "~/get-username.sh"]
    password.fetch = ["command", "~/get-password.sh"]

Or really any kind of parameter in a storage section.

You can also pass the command as a string to be executed in a shell::

    [storage foo]
    ...
    password.fetch = ["shell", "~/.local/bin/get-my-password | head -n1"]

With pass_ for example, you might find yourself writing something like this in
your configuration file::

    password.fetch = ["command", "pass", "caldav"]

.. _pass: https://www.passwordstore.org/

Accessing the system keyring
----------------------------

As shown above, you can use the ``command`` strategy to fetch your credentials
from arbitrary sources. A very common use case is to fetch your password from
the system keyring.

The keyring_ Python package contains a command-line utility for fetching
passwords from the OS's password store. Installation::

    pip install keyring

Basic usage::

    password.fetch = ["command", "keyring", "get", "example.com", "foouser"]

.. _keyring: https://github.com/jaraco/keyring/

Password Prompt
===============

You can also simply prompt for the password::

    [storage foo]
    type = "caldav"
    username = "myusername"
    password.fetch = ["prompt", "Password for CalDAV"]

Environment variable
====================

To read the password from an environment variable::

    [storage foo]
    type = "caldav"
    username = "myusername"
    password.fetch = ["command", "printenv", "DAV_PW"]

This is especially handy if you use the same password multiple times
(say, for a CardDAV and a CalDAV storage).

In bash, you can read and export the password without echoing it::

    read -s -p "DAV Password: " DAV_PW && export DAV_PW
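
The following Python script is an added example, not part of vdirsyncer: it audits a configuration for storage sections that still hold a cleartext ``password`` and reports which fetch strategy the others use. The sample config, the placeholder URL and the ``audit`` function are constructed for illustration, and the script assumes ``.fetch`` values are JSON lists as in the examples above.

```python
import configparser
import json

# Constructed sample config; the URL is a placeholder.
SAMPLE = """
[storage cal]
type = "caldav"
url = "https://dav.example.com/"
username = "foo"
password = "bar"

[storage contacts]
type = "carddav"
username.fetch = ["command", "~/get-username.sh"]
password.fetch = ["command", "keyring", "get", "example.com", "foouser"]

[storage shared]
type = "caldav"
password.fetch = ["shell", "~/.local/bin/get-my-password | head -n1"]
"""

STRATEGIES = {"command", "shell", "prompt"}  # fetch strategies shown on this page


def audit(config_text):
    """Map each [storage ...] section to how its password is supplied."""
    parser = configparser.RawConfigParser()  # no %-interpolation of values
    parser.read_string(config_text)
    findings = {}
    for section in parser.sections():
        if not section.startswith("storage "):
            continue  # only storage sections carry credentials here
        opts = parser[section]
        if "password" in opts:
            findings[section] = "cleartext"  # literal secret in the file
        elif "password.fetch" in opts:
            try:
                fetch = json.loads(opts["password.fetch"])  # assumed JSON list
            except json.JSONDecodeError:
                fetch = None
            head = fetch[0] if isinstance(fetch, list) and fetch else None
            valid = isinstance(head, str) and head in STRATEGIES
            findings[section] = head if valid else "invalid fetch"
        else:
            findings[section] = "no password"
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```

Sections reported as ``cleartext`` are the ones to migrate to a ``password.fetch`` entry; ``shell`` entries deserve a second look because the string is interpreted by a shell.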