pass linux keyring backend issue #1486

@jirib

There are some odd issues with the pass backend and saml2aws 2.36.19:

  1. odd error
    ERRO[0000] keychain Get returned error                   err="The specified item could not be found in the keyring" helper=linuxkeyring
    
  2. ~/.aws/saml2aws/cache_default is created even though pass is execve()'d
$ env  SAML2AWS_KEYRING_BACKEND='pass' strace -f -e process ~/.local/share/mise/installs/saml2aws/2.36.19/saml2aws login ...
execve("/home/jiri/.local/share/mise/installs/saml2aws/2.36.19/saml2aws", ["/home/jiri/.local/share/mise/ins"..., "login", "--verbose", "-p", "xxxx_AWSAdministratorAcc"..., "--cache-saml"], 0x7ffe1d2c47e0 /* 58 vars */) = 0
clone(child_stack=0xc000042000,
...
strace: Process 326090 attached
[pid 326088] clone(child_stack=0xc000094000,
...
 <unfinished ...>
[pid 326090] <... clone resumed>, tls=0xc000100098) = 326092
strace: Process 326093 attached
[pid 326088] <... clone resumed>, tls=0xc00007d898) = 326093
DEBU[0000] Running                                       command=login
DEBU[0000] Check if creds exist.                         command=login
DEBU[0000] Expand                                        name=/home/jiri/.aws/credentials pkg=awsconfig
DEBU[0000] resolveSymlink                                name=/home/jiri/.aws/credentials pkg=awsconfig
DEBU[0000] ensureConfigExists                            filename=/home/jiri/.aws/credentials pkg=awsconfig
Using IdP Account default to access Okta https://xxxxx.okta.com/home/amazon_aws/xxxxxx/xxx
ERRO[0000] keychain Get returned error                   err="The specified item could not be found in the keyring" helper=linuxkeyring
To use saved password just hit enter.
[pid 326089] tgkill(326088, 326088, SIGURG <unfinished ...>
[pid 326088] --- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=326088, si_uid=1000} ---
[pid 326089] <... tgkill resumed>)      = 0
? Username xxxx@example.com
? Password ********[pid 326089] tgkill(326088, 326088, SIGURG) = 0
...
DEBU[0007] resolveSymlink                                name=/home/jiri/.aws/saml2aws/cache_default pkg=samlcache
DEBU[0007] Could not read cache contentopen /home/jiri/.aws/saml2aws/cache_default: no such file or directory  Cache_file=/home/jiri/.aws/saml2aws/cache_default IdpAccount=default pkg=samlcache
...
DEBU[0009] okta session expires at: 2025-11-03T15:13:07.000Z  provider=okta
[pid 326104] clone(child_stack=NULL, flags=CLONE_VM|CLONE_VFORK|SIGCHLDstrace: Process 326105 attached
 <unfinished ...>
[pid 326105] execve("/usr/bin/pass", ["pass", "insert", "-m", "-f", "saml2aws/https:/xxxxxx.okta.com/ho"...], 0xc0004601e0 /* 59 vars */ <unfinished ...>
...

...and...

$ pass list | grep -A 3 saml2aws
├── saml2aws
│   └── https:
│       └── xxxx.okta.com
│           └── home
$ stat ~/.aws/saml2aws/cache_default 
  File: /home/jiri/.aws/saml2aws/cache_default
  Size: 11000     	Blocks: 24         IO Block: 4096   regular file
Device: 252,2	Inode: 71086023    Links: 1
Access: (0600/-rw-------)  Uid: ( 1000/    jiri)   Gid: ( 1000/    jiri)
Context: unconfined_u:object_r:user_home_t:s0
Access: 2025-11-02 16:13:30.419007777 +0100
Modify: 2025-11-02 16:13:10.591908869 +0100
Change: 2025-11-02 16:13:10.591908869 +0100
 Birth: 2025-11-02 16:13:10.591908869 +0100

$ date
Sun Nov  2 04:19:18 PM CET 2025
