Welcome to SecretStorage documentation!

This module provides a way for securely storing passwords and other secrets.

It uses D-Bus-based FreeDesktop.org Secret Service standard that is, for example, supported by GNOME Keyring (since version 2.30) and by KSecretsService.

It allows one to create new secret items, delete and search for passwords matching given attributes. It also supports graphical prompts when unlocking is needed.

SecretStorage code is hosted on GitHub.

Initializing D-Bus

See also

If you don’t know how D-Bus works, please read Introduction to D-Bus firstly.

Before using SecretStorage, you need to initialize D-Bus. This can be done using this context manager:

class secretstorage.create_connection[source]

A context manager that returns a new connection to the session bus, that will be an instance of jeepney’s DBusConnection class.

The D-Bus socket will be automatically closed on exit.

Example of usage:

with secretstorage.create_connection() as conn:
    collection = secretstorage.get_default_collection(conn)
    items = collection.search_items({'application': 'myapp'})

If for some reason you cannot use the context manager, there is also a plain function that returns a new connection:

secretstorage.dbus_init() → jeepney.integrate.blocking.DBusConnection[source]

Returns a new connection to the session bus, instance of jeepney’s DBusConnection class. This connection can then be passed to various SecretStorage functions, such as get_default_collection().

Warning

If you use this function directly, it may result in resource leak as the D-Bus socket will not be closed automatically. We recommend to use create_connection context manager instead, which will close the socket on exit.

Changed in version 3.0: Before the port to Jeepney, this function returned an instance of dbus.SessionBus class.

Changed in version 3.1: This function no longer accepts any arguments.

Examples of using SecretStorage

Creating a new item in the default collection:

>>> import secretstorage
>>> connection = secretstorage.dbus_init()
>>> collection = secretstorage.get_default_collection(connection)
>>> attributes = {'application': 'myapp', 'another attribute':
...     'another value'}
>>> item = collection.create_item('My first item', attributes,
...     b'pa$$word')

Getting item’s label, attributes and secret:

>>> item.get_label()
'My first item'
>>> item.get_attributes()
{'another attribute': 'another value', 'application': 'myapp'}
>>> item.get_secret()
b'pa$$word'

Locking and unlocking collections

The current version of SecretStorage provides only the synchronous API for locking and unlocking. This means that if prompting the user for a password is needed, then unlock() call will block until the password is entered.

>>> collection.lock()
>>> collection.is_locked()
True
>>> collection.unlock()
>>> collection.is_locked()
False

If you want to use the asynchronous API, please file a bug and describe your use case.

Indices and tables