
Encrypted file cryptfile_pass.cfg created locally even if keys are saved in another shared file #720

@henji31


Describe the bug
I use "keyring" with "keyrings.cryptfile" backend. To store keys, I use a shared encrypted file located in /usr/local/share.
The encrypted file is generated with a python script as root. The password is read from root and from another user.

To Reproduce
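import os

import keyring
from keyrings.cryptfile.cryptfile import CryptFileKeyring

kr = CryptFileKeyring()
# Assigning keyring_key is the call after which the local cryptfile_pass.cfg appears
kr.keyring_key = os.environ['KEYRING_CRYPTFILE_PASSWORD']
kr.file_path = '/usr/local/share/shared_keyring/cryptfile_pass.cfg'
keyring.set_keyring(kr)

# n is the username to look up; it is not defined in the snippet as posted
m = keyring.get_password('LocalBackup', n)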

The encrypted file cryptfile_pass.cfg is created just after the call:
kr.keyring_key = os.environ['KEYRING_CRYPTFILE_PASSWORD']

If I write
kr.file_path = '/usr/local/share/shared_keyring/cryptfile_pass.cfg'
before
kr.keyring_key = os.environ['KEYRING_CRYPTFILE_PASSWORD']
it doesn't work because keyring wants to write to the encrypted file, which is read-only. But why write to this file? I just want to read a password...

$ ls -al /usr/local/share/shared_keyring/cryptfile_pass.cfg
-rw-r--r-- 1 root root 392 juin 2 11:33 /usr/local/share/shared_keyring/cryptfile_pass.cfg

Expected behavior
The encrypted file cryptfile_pass.cfg is created locally, which is not useful and is confusing.

Environment

  • OS: Ubuntu 24.04.2 LTS

$ pip list | grep keyring
keyring 25.6.0
keyrings.cryptfile 1.3.9

$ keyring --list-backends
keyrings.cryptfile.file.EncryptedKeyring (priority: 0.6)
keyrings.cryptfile.file.PlaintextKeyring (priority: 0.5)
keyring.backends.SecretService.Keyring (priority: 5)
keyring.backends.fail.Keyring (priority: 0)
keyring.backends.chainer.ChainerBackend (priority: 10)
keyrings.cryptfile.cryptfile.CryptFileKeyring (priority: 2.5)

Additional context
If the line
kr.file_path = '/usr/local/share/shared_keyring/cryptfile_pass.cfg'
is before
kr.keyring_key = os.environ['KEYRING_CRYPTFILE_PASSWORD']
I get the following errors:
Traceback (most recent call last):
File "/home/nicolas/test/./GetKeyring.py", line 22, in <module>
kr.keyring_key = os.environ['KEYRING_CRYPTFILE_PASSWORD']
^^^^^^^^^^^^^^
File "/home/nicolas/.local/share/virtualenvs/test-WdP4gGdo/lib/python3.12/site-packages/keyrings/cryptfile/file.py", line 104, in keyring_key
self._init_keyring()
File "/home/nicolas/.local/share/virtualenvs/test-WdP4gGdo/lib/python3.12/site-packages/keyrings/cryptfile/file.py", line 115, in _init_keyring
self._init_file()
File "/home/nicolas/.local/share/virtualenvs/test-WdP4gGdo/lib/python3.12/site-packages/keyrings/cryptfile/file.py", line 125, in _init_file
self.set_password(
File "/home/nicolas/.local/share/virtualenvs/test-WdP4gGdo/lib/python3.12/site-packages/keyring/backend.py", line 60, in wrapper
return orig(self, system, username, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/nicolas/.local/share/virtualenvs/test-WdP4gGdo/lib/python3.12/site-packages/keyring/backend.py", line 60, in wrapper
return orig(self, system, username, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/nicolas/.local/share/virtualenvs/test-WdP4gGdo/lib/python3.12/site-packages/keyring/backend.py", line 60, in wrapper
return orig(self, system, username, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/nicolas/.local/share/virtualenvs/test-WdP4gGdo/lib/python3.12/site-packages/keyrings/cryptfile/file_base.py", line 136, in set_password
self._write_config_value(service, username, password_base64)
File "/home/nicolas/.local/share/virtualenvs/test-WdP4gGdo/lib/python3.12/site-packages/keyrings/cryptfile/file_base.py", line 171, in _write_config_value
with open(self.file_path, 'w') as config_file:
^^^^^^^^^^^^^^^^^^^^^^^^^
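
A preflight check for the setup described in this issue, as an added example that is not part of the original report or of keyrings.cryptfile: it verifies that the shared file is a root-owned regular file that is readable but not group/world writable, and reports a stray per-user cryptfile_pass.cfg. The function names are hypothetical, and the per-user default location (`python_keyring` under the XDG data directory) is an assumption.

```python
import os
import stat
from pathlib import Path

KEYRING_FILENAME = "cryptfile_pass.cfg"  # file name used in the issue


def default_local_path(env=os.environ):
    # Assumption: per-user default is <XDG data dir>/python_keyring/<file name>.
    root = env.get("XDG_DATA_HOME") or os.path.join(
        os.path.expanduser("~"), ".local", "share")
    return Path(root) / "python_keyring" / KEYRING_FILENAME


def audit_shared_keyring(shared_path, expected_uid=0, env=os.environ):
    """Return findings as strings; an empty list means nothing to fix."""
    shared = Path(shared_path)
    try:
        st = os.lstat(shared)  # lstat: a symlink is reported, not followed
    except FileNotFoundError:
        return [f"shared keyring missing: {shared}"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"not a regular file: {shared}")
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(
            f"group/world writable: mode {stat.S_IMODE(st.st_mode):04o}")
    if not os.access(shared, os.R_OK):
        findings.append(f"not readable by current user: {shared}")
    # A second copy in the per-user data dir means a backend was initialised
    # before file_path pointed at the shared file.
    local = default_local_path(env)
    if local.exists() and local.resolve() != shared.resolve():
        findings.append(f"stray local keyring file: {local}")
    return findings


if __name__ == "__main__":
    for finding in audit_shared_keyring(
            "/usr/local/share/shared_keyring/cryptfile_pass.cfg"):
        print("FINDING:", finding)
```

Running it as the unprivileged user before calling keyring.set_keyring shows whether that account would read the shared file or a locally created one.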
