Skip to content

Instantly share code, notes, and snippets.

@sgskinner

sgskinner/gnome-keyring-cli-interaction.md

Last active January 31, 2026 13:31
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save sgskinner/dded77c2c5068bbfbe4f24115a43ca03 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save sgskinner/dded77c2c5068bbfbe4f24115a43ca03 to your computer and use it in GitHub Desktop.
Download ZIP
Interacting with `gnome-keyring` on CLI
Raw
gnome-keyring-cli-interaction.md

This assumes your main gnome Login keyring is automatically unlocked during login from your DM, or your keyring's password has been set to empty (the latter being common with autologin).

To store secrets:

$ secret-tool store --label="VPN Username" vpn-store username
<enter username here>
$ secret-tool store --label="VPN Password" vpn-store password
<enter password here>
$ secret-tool store --label="VPN URL" vpn-store url
<enter url here>

To retrieve a secret:

secret-tool lookup vpn-store password

Using in an expect script:

#!/usr/bin/expect
#
# A script to pull credentials from gnome-keyring, start up
# openconnect with username/url, and supply password when
# prompted.
#

# Pull from gnome-keyring
set username [exec secret-tool lookup vpn-store username]
set password [exec secret-tool lookup vpn-store password]
set url [exec secret-tool lookup vpn-store url]

set timeout 60

# Fire up the vpn with the pulled username and url
spawn sudo openconnect -u $username --useragent='AnyConnect' --no-xmlpost $url

# Supply the password from keyring when prompted
expect "Password:"
send "$password\r"

# Interact to allow supplying the yubikey keypress
interact
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment