gnome-keyring-import-export's Introduction

gnome-keyring-import-export

A rewritten and expanded Python 3.x variant of https://bitbucket.org/spookylukey/gnome-keyring-import-export. This variant uses the libsecret service instead of gnomekeyring.

Simple script for exporting gnome2 (seahorse) keyrings, and re-importing on another machine.

Usage:

  1. Export json:

    gnome_keyring_import_export.py exportjson somefile.json

Please note - this dumps all your passwords unencrypted into somefile.json

  2. Export csv (lastpass.com format):

    gnome_keyring_import_export.py exportcsv somefile.csv

Tries to make educated guesses to make things turn up in the right columns.

Please note - this dumps all your passwords unencrypted into somefile.csv

  3. Import:

    gnome_keyring_import_export.py import somefile.json

This attempts to be intelligent about not duplicating secrets already in the keyrings - see messages.

However, if you are moving machines, sometimes an application name changes (e.g. "chrome-12345" -> "chrome-54321") so you might need to do some manual fixes on somefile.json first.

Please make BACKUP copies of your existing keyring files before importing into them, in case anything goes wrong. They are normally found in:

    ~/.gnome2/keyrings
    ~/.local/share/keyrings

  4. Export Chrome passwords to Firefox:

This takes Chrome passwords stored in the Gnome keyring manager and creates a file that can be imported by the Firefox "Password Exporter" extension: https://addons.mozilla.org/en-US/firefox/addon/password-exporter/

    gnome_keyring_import_export.py export_chrome_to_firefox somefile.xml
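
For the export and import steps above, the two things worth scripting are the keyring backup and keeping the plaintext export private. The following is an added example, not part of the project's script; the function names `backup_keyrings` and `private_export` are hypothetical, and it assumes the export command creates its output file with default permissions so that the umask applies.

```shell
#!/bin/sh
# Added example, not part of gnome_keyring_import_export.py.
# backup_keyrings and private_export are hypothetical helper names.

# Archive whichever keyring directories exist under $HOME (the two
# locations named in the README) into DEST as an owner-only tarball.
backup_keyrings() {
    dest="$1"
    archive="$dest/keyrings-backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    set --                      # reuse "$@" as the list of directories found
    for d in .gnome2/keyrings .local/share/keyrings; do
        if [ -d "$HOME/$d" ]; then set -- "$@" "$d"; fi
    done
    if [ "$#" -eq 0 ]; then
        echo "no keyring directories found under $HOME" >&2
        return 1
    fi
    (
        umask 077               # a newly created DEST is 700, the archive 600
        mkdir -p "$dest" && tar -czf "$archive" -C "$HOME" "$@"
    ) || return 1
    printf '%s\n' "$archive"
}

# Run an export command with umask 077 and confirm that the plaintext
# file it wrote is mode 600. Assumes the command creates OUT itself with
# default permissions; an existing file would keep its old mode, so
# refuse to reuse one.
private_export() {
    out="$1"; shift
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing $out" >&2
        return 1
    fi
    ( umask 077; "$@" ) || return 1
    if [ -z "$(find "$out" -prune -type f -perm 600 2>/dev/null)" ]; then
        echo "$out is missing or not mode 600" >&2
        return 1
    fi
}

# Usage:
#   backup_keyrings "$HOME/keyring-backups"
#   private_export somefile.json \
#       gnome_keyring_import_export.py exportjson somefile.json
```

Delete the export file once the import on the other machine has succeeded; the backup archive still contains the keyring files and should be stored with the same care as the originals.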

gnome-keyring-import-export's People

Contributors

nicklasb

gnome-keyring-import-export's Issues

exporting keyrings is not a good practice

I would strongly recommend against exporting secret key chains, especially for script for transmission across servers. It basically goes against the thought process of secret key storage.

The ultimate goal is to touch keys as little as possible, and alias them to sub-sets of credentials or sub-keys that are revocable and ephemeral time/session-sensitive.

I recommend these best practices when generating keys:
https://gist.github.com/forktheweb/75346d3259989e0c6ef5

For instance, Amazon KMS works that way, so you can use aws s3 sync (part of the aws cli) to move data around using SSL connections and hardware crypto in various ways in and out of a cloud VPC.
All auth providers use some form of strategy, be it IAM, SAML, OpenAuth, or what have you.

They all require some sort of aliased token that is typically rotated in and out after a certain period in order to be re-verified, but you are never passing the actual master key, storing it, or decrypting it from the hypervisor or memory unless absolutely necessary, on root-login.

So a normal method for accessing credentials is a root-stored credential file like:

    # create the directory, then write the profile block into the credentials file
    mkdir -p /root/.aws/ && printf "[profile info]" | tee /root/.aws/credentials

In most cases you have your root keyring for all gnupg and aws / kube/ node credentials stored in a root-read only directory rw- --- --- (600). On Ubuntu the root account is never used, so it's very difficult to see what's in that directory even as an admin user, and it's less likely the keyring will be messed with or accidentally leak information when exporting. The best case scenario for dealing with a cluster of servers would be to copy the entire key ring set without exporting the secret key ever (except the first time you set it up... and just piping the key directly to a key storage facility such as Etcd or Amazon KMS.

That's very simple to do:

Here's my guide on using KMS & ETCD for a more secure Devops setup for master keyrings using GNUPG:

https://gist.github.com/forktheweb/ee1d90d7a930bdf8e9732ef9101ae6a1

My recommendation is to use an ephemeral docker container with something like Etcd, or AWS S3 Sync, or supplementally you could use Bup or Duplicity which are both good at backing up with "hot backups". You could also export the docker as a tar to store state when you need to.

OTHER EXAMPLES:

**~ push your entire root directory to s3**

    $ sudo sh /home/ubuntu/.scripts/dockers/aws.sh "aws s3 sync /root/ s3://stackfork.com --sse aws:kms"

**~ custom s3 duplicity backups using GPG/SSL**

https://easyengine.io/tutorials/backups/duplicity-amazon-s3/

**now you set the value for next time you need to call this up via ptero**

    $ ptero set s3-gpg.up "sudo sh /home/ubuntu/.scripts/dockers/aws.sh 'aws s3 sync /root/ s3://stackfork.com --sse aws:kms' "

### NOW TEST:

    $ ptero get s3-gpg.up

SIMPLE SYNC VIA DOCKER COMMAND

    sudo sh /home/ubuntu/.scripts/dockers/aws.sh "aws s3 sync /root/ s3://stackfork.com --sse aws:kms"

### FINALIZE:

    # print the command
    $ ptero get s3-gpg.up

    # execute the command to shell
    $ ptero get s3-gpg.up | sh

    # should echo:
    Status: Image is up to date for xueshanf/awscli:latest
    ubuntu@ip-172-31-22-197:~$

Won't work in Ubuntu after Bionic

As they don't supply the typelib.

    gnome_keyring_import_export.py:55: PyGIWarning: Gtk was imported without specifying a version first. Use gi.require_version('Gtk', '3.0') before import to ensure that the right version gets loaded.
      from gi.repository import Gtk
    Traceback (most recent call last):
      File "gnome_keyring_import_export.py", line 56, in <module>
        from gi.repository import GnomeKeyring
      File "/usr/lib/python3/dist-packages/gi/importer.py", line 131, in load_module
        raise ImportError('cannot import name %s, '
    ImportError: cannot import name GnomeKeyring, introspection typelib not found

I'm just not sure if this is a real bug or just me missing something in Python-GNOME-Ubuntu relations.

module 'keyring' has no attribute 'list_keyring_names_sync'

This is for http://bitbucket.org/spookylukey/gnome-keyring-import-export/ but bitbucket doesn't have an issue tracker:

    $ python3 /usr/local/bin/gnome_keyring_import_export.py export /tmp/passfile.json
    Traceback (most recent call last):
      File "/usr/local/bin/gnome_keyring_import_export.py", line 214, in <module>
        export_keyrings(sys.argv[2])
      File "/usr/local/bin/gnome_keyring_import_export.py", line 82, in export_keyrings
        f.write(json.dumps(get_gnome_keyrings(), indent=2))
      File "/usr/local/bin/gnome_keyring_import_export.py", line 86, in get_gnome_keyrings
        for keyring_name in keyring.list_keyring_names_sync():
    AttributeError: module 'keyring' has no attribute 'list_keyring_names_sync'

One possibility is that your keyring module might be different than what python3 provided (on my Ubuntu 18.04)

    $ python3
    Python 3.6.6 (default, Sep 12 2018, 18:26:19) 
    [GCC 8.0.1 20180414 (experimental) [trunk revision 259383]] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import keyring
    >>> help(keyring)

    Help on package keyring:

    NAME
        keyring

    PACKAGE CONTENTS
        __main__
        backend
        backends (package)
        cli
        core
        credentials
        devpi_client
        errors
        getpassbackend
        http
        py27compat
        py33compat
        tests (package)
        util (package)

    FUNCTIONS
        delete_password(service_name, username)
            Delete the password for the user in the specified service.

        get_keyring()
            Get current keyring backend.

        get_pass_get_password = get_password(prompt='Password: ', stream=None, service_name='Python', username=None)

        get_password(service_name, username)
            Get password from the specified service.

        set_keyring(keyring)
            Set current keyring backend.

        set_password(service_name, username, password)
            Set password for the user in the specified service.

    DATA
        __all__ = ('set_keyring', 'get_keyring', 'set_password', 'get_password...

    VERSION
        10.6.0

    FILE
        /usr/lib/python3/dist-packages/keyring/__init__.py
