Using Secrets API with dbus-send

Question

I'm trying to figure out how to get a password from the keyring using dbus-send , but I'm struggling to understand what the session parameter is.

Here's where I've got to:

#!/bin/bash

# Find key path
KEY_PATH=$(dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.SearchItems dict:string:string:"mount-point","/home/s/.mozilla/firefox" | grep -Eo '/\S+')
# Unlock keyring
RESULT=$(dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.Unlock array:objpath:$KEY_PATH | grep -Eo '/\S+')

# If unlocked...
if [ "$RESULT" = "$KEY_PATH" ]; then
    # Get password
    PASSWORD=$(dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.GetSecrets array:objpath:$KEY_PATH objpath:<WHAT IS SESSION?>)
    # Mount ecryptfs firefox directory
    echo $PASSWORD | ecryptfs-simple -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes,no_sig_cache=yes /home/s/.mozilla/.firefox-ecryptfs /home/s/.mozilla/firefox
    firefox $@
fi

I'm lost as to how to get a session to fetch the password.

Answer 1

The session needs to be created using:

org.freedesktop.Secret.Service.OpenSession (
    IN String algorithm,
    IN Variant input,
    OUT Variant output,
    OUT ObjectPath result);

https://specifications.freedesktop.org/secret-service/latest/re01.html

Here is an example of creating a non-encrypted session. Be aware the password returned by GetSecret will be a plain text as it uses a non-encrypted session:

dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.OpenSession string:plain variant:string:''

The output is the objpath to the created session:

variant          /org/freedesktop/secrets/session/s31

Then, theoretically, you can pass the session to GetSecrets . For example:

dbus-send --dest=org.freedesktop.secrets --print-reply=literal /org/freedesktop/secrets org.freedesktop.Secret.Service.GetSecrets array:objpath:/org/freedesktop/secrets/collection/login/6 objpath:/org/freedesktop/secrets/session/s31

Note: /org/freedesktop/secrets/collection/login/6 is the object path returned by SearchItems .

However, this does not work with dbus-send. I think this is because the session is likely closed as soon as dbus-send returns.

If you use d-feet, the session is retained until the d-feet window is closed. So, you will be able to get the password using d-feet though. But, I understood that you want to automate it.

I suggest you use python3's keyring which offers to get a password using an encrypted session.