/secretstorage

Python bindings to Freedesktop.org Secret Service API

Primary LanguagePythonBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

GitHub Actions status Coverage status ReadTheDocs status

Module description

This module provides a way for securely storing passwords and other secrets.

It uses D-Bus Secret Service API that is supported by GNOME Keyring, KWallet (since version 5.97) and KeePassXC.

The main classes provided are secretstorage.Item, representing a secret item (that has a label, a secret and some attributes) and secretstorage.Collection, a place items are stored in.

SecretStorage supports most of the functions provided by Secret Service, including creating and deleting items and collections, editing items, locking and unlocking collections.

The documentation can be found on secretstorage.readthedocs.io.

Building the module

SecretStorage requires Python ≥ 3.9 and these packages to work:

To build SecretStorage, use this command:

python3 -m build

If you have Sphinx installed, you can also build the documentation:

python3 -m sphinx docs build/sphinx/html

Testing the module

First, make sure that you have the Secret Service daemon installed. The GNOME Keyring is the reference server-side implementation for the Secret Service specification.

Then, start the daemon and unlock the default collection, if needed. The testsuite will fail to run if the default collection exists and is locked. If it does not exist, the testsuite can also use the temporary session collection, as provided by the GNOME Keyring.

Then, run the Python unittest module:

python3 -m unittest discover -s tests

If you want to run the tests in an isolated or headless environment, run this command in a D-Bus session:

dbus-run-session -- python3 -m unittest discover -s tests

Get the code

SecretStorage is available under BSD license. The source code can be found on GitHub.