secret-tool
Store and retrieve secrets securely
TLDR
Store a secret with an optional label
Retrieve a secret
Get more information about a secret
Delete a stored secret
SYNOPSIS
secret-tool {store | lookup | clear | search} [options]
PARAMETERS
store
Stores a secret in the vault.
lookup
Retrieves a secret from the vault based on attributes.
clear
Removes a secret from the vault based on attributes.
search
Searches for secrets based on attributes.
--label
Sets a descriptive label for the secret.
Attribute-value pairs, given as alternating attribute and value arguments, identify the secret. Multiple attribute-value pairs can be specified.
DESCRIPTION
The `secret-tool` command provides a command-line interface for interacting with a secure secret storage system. It allows users to store, retrieve, and manage secrets such as passwords, API keys, and other sensitive data in an encrypted and protected manner. It's designed to be integrated into scripts and applications to provide secure access to credentials without hardcoding them. The secrets are typically stored in the user's keyring or another secure storage backend. It aims to offer a more robust and secure alternative to storing secrets in plain text files or environment variables. It helps prevent exposure of sensitive information.
CAVEATS
The specific security guarantees and storage backend used by `secret-tool` depend on the underlying implementation. It's essential to understand the security model of the chosen storage backend (e.g., GNOME Keyring, KWallet) to ensure appropriate protection of secrets. Lack of proper configuration might lead to security issues.
EXAMPLES
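Storing a secret (the secret value is read from standard input or prompted for on the terminal, not passed as an argument): secret-tool store --label='myapp password' service myapp user myusername
Retrieving a secret: secret-tool lookup service myapp user myusername
Deleting a secret: secret-tool clear service myapp user myusername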
SECURITY CONSIDERATIONS
Always ensure that the attributes used to store and retrieve secrets are chosen carefully to prevent unauthorized access. Consider using multiple, unique attributes for improved security. Never store highly sensitive data as attribute values, as they may be less securely stored than the actual secret. Always back up the Keyring to prevent data loss.
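The wrapper below is an added example, not code from the secret-tool project. It shows one way a script can apply the points above: it refuses attribute lists that look like they carry secret material, and it never continues with an empty credential. The function names, the SECRET_TOOL override variable and the name patterns are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the secret-tool project. Function names and the
# SECRET_TOOL override variable are hypothetical.
SECRET_TOOL="${SECRET_TOOL:-secret-tool}"

# Succeeds only for a non-empty, even-length attribute list whose attribute
# NAMES do not look like secret material (heuristic name patterns, assumed).
keyring_attrs_ok() {
    [ $# -ge 2 ] || return 1
    [ $(( $# % 2 )) -eq 0 ] || return 1
    while [ $# -gt 0 ]; do
        case "$1" in
            *[Pp]ass*|*[Ss]ecret*|*[Tt]oken*|*[Kk]ey*) return 1 ;;
        esac
        shift 2
    done
    return 0
}

# keyring_store LABEL ATTR VALUE [ATTR VALUE ...]
# The secret itself comes from stdin (pipe or terminal prompt), never argv.
keyring_store() {
    [ $# -ge 3 ] || return 2
    ks_label=$1
    shift
    keyring_attrs_ok "$@" || { echo "keyring_store: rejected attributes" >&2; return 2; }
    "$SECRET_TOOL" store --label="$ks_label" "$@"
}

# keyring_get ATTR VALUE [ATTR VALUE ...]
# Prints the secret; fails if the lookup errors or returns nothing, so a
# caller never continues with an empty credential.
keyring_get() {
    keyring_attrs_ok "$@" || return 2
    kg_value=$("$SECRET_TOOL" lookup "$@") || return 1
    [ -n "$kg_value" ] || return 1
    printf '%s' "$kg_value"
}

# Usage (constructed values):
#   keyring_store 'myapp API key' service myapp user myusername   # prompts
#   API_KEY=$(keyring_get service myapp user myusername) || exit 1
```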
SEE ALSO
gnome-keyring(1), kwalletd(1)