问题
I'm developing a script with a co-worker that involves connecting to a database. We want to keep the code independent of which one of us uses it, while keeping our passwords private and not having to authenticate over and over during the workday. After some searching (we are both novices in Python) it seems that we can use keyring for this purpose, so I installed it from pip (most likely version 1.2.2 of the library, based on my memory of the installation date).
The problem is that when I try to access my stored passwords, I am prompted to set a master password to access the keyring, as shown here (from IDLE):
>>> import keyring
>>> keyring.set_password('Service', 'MyUsername', 'MyPassword')
Warning (from warnings module):
File "C:\Python27\lib\getpass.py", line 92
return fallback_getpass(prompt, stream)
GetPassWarning: Can not control echo on the terminal.
Warning: Password input may be echoed.
Please enter password for encrypted keyring:
After setting the password, I can get and set passwords easily, until I restart the shell. Now I have to enter the master password again:
>>> ================================ RESTART ================================
>>> import keyring
>>> print keyring.get_password('Service', 'MyUsername')
Warning (from warnings module):
File "C:\Python27\lib\getpass.py", line 92
return fallback_getpass(prompt, stream)
GetPassWarning: Can not control echo on the terminal.
Warning: Password input may be echoed.
Please enter password for encrypted keyring:
After entering the master password, this authentication persists only during the current session/between restarts. When running scripts from the command line, it's even worse - I have to authenticate every time the script is run. At this point, keyring is not saving me any time or effort, and I doubt it's making my password any more secure vs. memorization and manual entry.
After searching for solutions, it looks like keyring will automatically authenticate on Unix if the master password is the same as the password for the user account, but this didn't work for me on Windows.
Am I trying to get keyring to do something it's not meant to do, or is there just an error in my implementation?
My experience seems to conflict with that reported by another user who claims (s)he is not prompted for a password when an application tries to access the keyring in the related question, How does python-keyring work on Windows?
回答1:
Which backend are you using? Check using:
>>> from keyring import get_keyring
>>> get_keyring()
[... what is output here?]
If it outputs this:
<keyring.backends.file.EncryptedKeyring object at 0x.....>
Then that's why it's requesting a password. The module failed to find any platform specific keyring to use, so it's instead just encrypting your passwords using a master password and placing them into an ordinary file.
Personally, it's more important to me that my scripts run unattended than that my passwords are secure, so I wrote this function:
def configureKeyring():
"""
EncryptedKeyring requires a master password to unlock it, which is not ideal
for our scripts since we want them to run unattended. So if we're using
EncryptedKeyring, automatically swap to a PlaintextKeyring instead.
If we're using something else, say WinVaultKeyring, then that's more secure
than PlaintextKeyring without being any less convenient, so we'll use it.
"""
from keyring import get_keyring, set_keyring
from keyring.backends.file import EncryptedKeyring, PlaintextKeyring
if isinstance(get_keyring(), EncryptedKeyring):
set_keyring(PlaintextKeyring())
Before you use keyring
to set_password
or get_password
, run this function configureKeyring()
, if you, like me, value not needing to insert a master password over keeping your passwords safe. Please understand the security implications that you are storing your passwords in plaintext before doing this.
A better long term solution is to probably investigate all the other available backends and install the proper pre-reqs so that a different one can be used, if one exists where you don't need to input a master password and simply being logged in is sufficient.
来源:https://stackoverflow.com/questions/16799049/is-there-a-way-to-access-the-keyring-in-windows-without-giving-a-master-password