Package Health Score

88 / 100

security
No known security issues
popularity
Key ecosystem project
maintenance
Healthy
community
Sustainable

Explore Similar Packages

Popularity

Key ecosystem project

GitHub Stars: 1.19K
Forks: 148
Contributors: 100

Direct Usage Popularity

Based on project statistics from the GitHub repository for the PyPI package keyring, we found that it has been starred 1,192 times.

Security

No known security issues

Security and license risk for latest version

Release Date: Apr 2, 2024
Direct Vulnerabilities: 0
C
0
H
0
M
0
L
Indirect Vulnerabilities: 0
C
0
H
0
M
0
L
License Risk: 0
H
0
M
0
L

All security vulnerabilities belong to production dependencies of direct and indirect packages.

License

MIT

Security Policy

Yes

You can connect your project's repository to Snyk to stay up to date on security alerts and receive automatic fix pull requests.

Keep your project free of vulnerabilities with Snyk

Maintenance

Healthy

Commit Frequency

Open Issues: 61
Open PR: 5
Last Release: 17 days ago
Last Commit: 3 days ago

Further analysis of the maintenance status of keyring based on released PyPI versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that keyring demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Community

Sustainable

Readme: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 100
Funding: Yes

With more than 10 contributors for the keyring repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like keyring is missing a Code of Conduct.

Embed Package Health Score Badge

Keep your project healthy

Check your requirements.txt

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Python Versions Compatibility: >=3.8

Age: 15 years
Latest Release: 17 days ago
Dependencies: 3 Direct
Versions: 195
Maintainers: 1
Wheels: OS Independent

Not sure how to use keyring?

To help you get started, we've collected the most common ways that keyring is being used within popular public projects.

easybuilders / easybuild-framework / test / framework / suite.py View on Github

import test.framework.variables as v
import test.framework.yeb as y

# set plain text key ring to be used,
# so a GitHub token stored in it can be obtained without having to provide a password
try:
    # with recent versions of keyring, PlaintextKeyring comes from keyrings.alt
    import keyring
    from keyrings.alt.file import PlaintextKeyring
    keyring.set_keyring(PlaintextKeyring())
except ImportError as err:
    try:
        # with old versions of keyring, PlaintextKeyring comes from keyring.backends
        import keyring
        from keyring.backends.file import PlaintextKeyring
        keyring.set_keyring(PlaintextKeyring())
    except ImportError as err:
        pass

# disable all logging to significantly speed up tests
fancylogger.disableDefaultHandlers()
fancylogger.setLogLevelError()


# make sure temporary files can be created/used
try:
    set_tmpdir(raise_error=True)
except EasyBuildError, err:
    sys.stderr.write("No execution rights on temporary files, specify another location via $TMPDIR: %s\n" % err)
    sys.exit(1)

# initialize logger for all the unit tests

View more ways to use keyring

The Python keyring library provides an easy way to access the system keyring service from python. It can be used in any application that needs safe password storage.

These recommended keyring backends are supported:

macOS Keychain
Freedesktop Secret Service supports many DE including GNOME (requires secretstorage)
KDE4 & KDE5 KWallet (requires dbus)
Windows Credential Locker

Other keyring implementations are available through Third-Party Backends.

Installation - Linux

On Linux, the KWallet backend relies on dbus-python, which does not always install correctly when using pip (compilation is needed). For best results, install dbus-python as a system package.

Compatibility - macOS

macOS keychain supports macOS 11 (Big Sur) and later requires Python 3.8.7 or later with the "universal2" binary. See #525 for details.

Using Keyring

The basic usage of keyring is pretty simple: just call keyring.set_password and keyring.get_password:

&gt;&gt;&gt; import keyring
&gt;&gt;&gt; keyring.set_password("system", "username", "password")
&gt;&gt;&gt; keyring.get_password("system", "username")
'password'

Command-line Utility

Keyring supplies a keyring command which is installed with the package. After installing keyring in most environments, the command should be available for setting, getting, and deleting passwords. For more usage information, invoke with no arguments or with --help as so:

$ keyring --help
$ keyring set system username
Password for 'username' in 'system':
$ keyring get system username
password

The command-line functionality is also exposed as an executable package, suitable for invoking from Python like so:

$ python -m keyring --help
$ python -m keyring set system username
Password for 'username' in 'system':
$ python -m keyring get system username
password

Tab Completion

If installed via a package manager (apt, pacman, nix, homebrew, etc), these shell completions may already have been distributed with the package (no action required).

Keyring provides tab completion if the completion extra is installed:

$ pip install 'keyring[completion]'

Then, generate shell completions, something like:

$ keyring --print-completion bash | sudo tee /usr/share/bash-completion/completions/keyring
$ keyring --print-completion zsh | sudo tee /usr/share/zsh/site-functions/_keyring
$ keyring --print-completion tcsh | sudo tee /etc/profile.d/keyring.csh

Note: the path of /usr/share is mainly for GNU/Linux. For other OSs, consider:

macOS (Homebrew x86): /usr/local/share
macOS (Homebrew ARM): /opt/homebrew/share
Android (Termux): /data/data/com.termux/files/usr/share
Windows (mingw64 of msys2): /mingw64/share
...

After installing the shell completions, enable them following your shell's recommended instructions. e.g.:

bash: install bash-completion, and ensure . /usr/share/bash-completion/bash_completion in ~/.bashrc.
zsh: ensure autoload -Uz compinit && compinit appears in ~/.zshrc, then grep -w keyring ~/.zcompdump to verify keyring appears, indicating it was installed correctly.

Configuring

The python keyring lib contains implementations for several backends. The library will attempt to automatically choose the most suitable backend for the current environment. Users may also specify the preferred keyring in a config file or by calling the set_keyring() function.

Config file path

The configuration is stored in a file named "keyringrc.cfg" found in a platform-specific location. To determine where the config file is stored, run keyring diagnose.

Config file content

To specify a keyring backend, set the default-keyring option to the full path of the class for that backend, such as keyring.backends.macOS.Keyring.

If keyring-path is indicated, keyring will add that path to the Python module search path before loading the backend.

For example, this config might be used to load the SimpleKeyring from the simplekeyring module in the ./demo directory (not implemented):

[backend]
default-keyring=simplekeyring.SimpleKeyring
keyring-path=demo

Third-Party Backends

In addition to the backends provided by the core keyring package for the most common and secure use cases, there are additional keyring backend implementations available for other use cases. Simply install them to make them available:

keyrings.cryptfile
- Encrypted text file storage.
keyrings.alt - "alternate", possibly-insecure backends, originally part of the core package, but available for opt-in.
gsheet-keyring

- a backend that stores secrets in a Google Sheet. For use with ipython-secrets.
bitwarden-keyring

- a backend that stores secrets in the BitWarden password manager.
onepassword-keyring
- a backend that stores secrets in the 1Password password manager.
sagecipher - an encryption backend which uses the ssh agent protocol's signature operation to derive the cipher key.
keyrings.osx_keychain_keys
- OSX keychain key-management, for private, public, and symmetric keys.
keyring_pass.PasswordStoreBackend
- Password Store (pass) backend for python's keyring
keyring_jeepney - a pure Python backend using the secret service DBus API for desktop Linux (requires keyring<24).

Write your own keyring backend

The interface for the backend is defined by keyring.backend.KeyringBackend. Every backend should derive from that base class and define a priority attribute and three functions: get_password(), set_password(), and delete_password(). The get_credential() function may be defined if desired.

See the backend module for more detail on the interface of this class.

Keyring employs entry points to allow any third-party package to implement backends without any modification to the keyring itself. Those interested in creating new backends are encouraged to create new, third-party packages in the keyrings namespace, in a manner modeled by the keyrings.alt package. See the setup.cfg file in that project for hints on how to create the requisite entry points. Backends that prove essential may be considered for inclusion in the core library, although the ease of installing these third-party packages should mean that extensions may be readily available.

To create an extension for Keyring, please submit a pull request to have your extension mentioned as an available extension.

Runtime Configuration

Keyring additionally allows programmatic configuration of the backend calling the api set_keyring(). The indicated backend will subsequently be used to store and retrieve passwords.

To invoke set_keyring:

# define a new keyring class which extends the KeyringBackend
import keyring.backend

class TestKeyring(keyring.backend.KeyringBackend):
    """A test keyring which always outputs the same password
    """
    priority = 1

    def set_password(self, servicename, username, password):
        pass

    def get_password(self, servicename, username):
        return "password from TestKeyring"

    def delete_password(self, servicename, username):
        pass

# set the keyring for keyring lib
keyring.set_keyring(TestKeyring())

# invoke the keyring lib
try:
    keyring.set_password("demo-service", "tarek", "passexample")
    print("password stored successfully")
except keyring.errors.PasswordSetError:
    print("failed to store password")
print("password", keyring.get_password("demo-service", "tarek"))

Disabling Keyring

In many cases, uninstalling keyring will never be necessary. Especially on Windows and macOS, the behavior of keyring is usually degenerate, meaning it will return empty values to the caller, allowing the caller to fall back to some other behavior.

In some cases, the default behavior of keyring is undesirable and it would be preferable to disable the keyring behavior altogether. There are several mechanisms to disable keyring:

Uninstall keyring. Most applications are tolerant to keyring not being installed. Uninstalling keyring should cause those applications to fall back to the behavior without keyring. This approach affects the Python environment where keyring would otherwise have been installed.
Configure the Null keyring in the environment. Set PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring in the environment, and the Null (degenerate) backend will be used. This approach affects all uses of Keyring where that variable is set.
Permanently configure the Null keyring for the user by running keyring --disable or python -m keyring --disable. This approach affects all uses of keyring for that user.

Altering Keyring Behavior

Keyring provides a mechanism to alter the keyring's behavior through environment variables. Each backend implements a KeyringBackend.set_properties_from_env, which when invoked will find all environment variables beginning with KEYRING_PROPERTY_{NAME} and will set a property for each {NAME.lower()} on the keyring. This method is invoked during initialization for the default/configured keyring.

This mechanism may be used to set some useful values on various keyrings, including:

keychain; macOS, path to an alternate keychain file
appid; Linux/SecretService, alternate ID for the application

Using Keyring on Ubuntu 16.04

The following is a complete transcript for installing keyring in a virtual environment on Ubuntu 16.04. No config file was used:

$ sudo apt install python3-venv libdbus-glib-1-dev
$ cd /tmp
$ pyvenv py3
$ source py3/bin/activate
$ pip install -U pip
$ pip install secretstorage dbus-python
$ pip install keyring
$ python
&gt;&gt;&gt; import keyring
&gt;&gt;&gt; keyring.get_keyring()

&gt;&gt;&gt; keyring.set_password("system", "username", "password")
&gt;&gt;&gt; keyring.get_password("system", "username")
'password'

Using Keyring on headless Linux systems

It is possible to use the SecretService backend on Linux systems without X11 server available (only D-Bus is required). In this case:

Install the GNOME Keyring daemon.
Start a D-Bus session, e.g. run dbus-run-session -- sh and run the following commands inside that shell.
Run gnome-keyring-daemon with --unlock option. The description of that option says:

> Read a password from stdin, and use it to unlock the login keyring > or create it if the login keyring does not exist.

When that command is started, enter a password into stdin and press Ctrl+D (end of data). After that, the daemon will fork into the background (use --foreground option to block).
Now you can use the SecretService backend of Keyring. Remember to run your application in the same D-Bus session as the daemon.

Using Keyring on headless Linux systems in a Docker container

It is possible to use keyring with the SecretService backend in Docker containers as well. All you need to do is install the necessary dependencies and add the --privileged flag to avoid any Operation not permitted errors when attempting to unlock the system's keyring.

The following is a complete transcript for installing keyring on a Ubuntu 18:04 container:

docker run -it -d --privileged ubuntu:18.04

$ apt-get update
$ apt install -y gnome-keyring python3-venv python3-dev
$ python3 -m venv venv
$ source venv/bin/activate # source a virtual environment to avoid polluting your system
$ pip3 install --upgrade pip
$ pip3 install keyring
$ dbus-run-session -- sh # this will drop you into a new D-bus shell
$ echo 'somecredstorepass' | gnome-keyring-daemon --unlock # unlock the system's keyring

$ python
&gt;&gt;&gt; import keyring
&gt;&gt;&gt; keyring.get_keyring()

&gt;&gt;&gt; keyring.set_password("system", "username", "password")
&gt;&gt;&gt; keyring.get_password("system", "username")
'password'

Integration

API

The keyring lib has a few functions:

get_keyring(): Return the currently-loaded keyring implementation.
get_password(service, username): Returns the password stored in the active keyring. If the password does not exist, it will return None.
get_credential(service, username): Return a credential object stored in the active keyring. This object contains at least username and password attributes for the specified service, where the returned username may be different from the argument.
set_password(service, username, password): Store the password in the keyring.
delete_password(service, username): Delete the password stored in keyring. If the password does not exist, it will raise an exception.

In all cases, the parameters (service, username, password) should be Unicode text.

Exceptions

The keyring lib raises the following exceptions:

keyring.errors.KeyringError: Base Error class for all exceptions in keyring lib.
keyring.errors.InitError: Raised when the keyring cannot be initialized.
keyring.errors.PasswordSetError: Raised when the password cannot be set in the keyring.
keyring.errors.PasswordDeleteError: Raised when the password cannot be deleted in the keyring.

Get Involved

Python keyring lib is an open community project and eagerly welcomes contributors.

Repository:
Bug Tracker:
Mailing list:

Security Considerations

Each built-in backend may have security considerations to understand before using this library. Authors of tools or libraries utilizing keyring are encouraged to consider these concerns.

As with any list of known security concerns, this list is not exhaustive. Additional issues can be added as needed.

macOS Keychain
- Any Python script or application can access secrets created by keyring from that same Python executable without the operating system prompting the user for a password. To cause any specific secret to prompt for a password every time it is accessed, locate the credential using the Keychain Access application, and in the Access Control settings, remove Python from the list of allowed applications.
Freedesktop Secret Service
- No analysis has been performed
KDE4 & KDE5 KWallet
- No analysis has been performed
Windows Credential Locker
- No analysis has been performed

Making Releases

This project makes use of automated releases and continuous integration. The simple workflow is to tag a commit and push it to Github. If it passes tests in CI, it will be automatically deployed to PyPI.

Other things to consider when making a release:

Check that the changelog is current for the intended release.

Running Tests

Tests are continuously run in Github Actions.

To run the tests locally, install and invoke tox.

Background

The project was based on Tarek Ziade's idea in this post. Kang Zhang initially carried it out as a Google Summer of Code project, and Tarek mentored Kang on this project.

For Enterprise

Available as part of the Tidelift Subscription.

This project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.

Learn more.

keyring dependencies

jaraco-classes jaraco-context jaraco-functools

FAQs

What is keyring?

Store and access your passwords safely. Visit Snyk Advisor to see a full health score report for keyring, including popularity, security, maintenance & community analysis.

Is keyring popular?

The python package keyring receives a total of 22,323,139 weekly downloads. As such, keyring popularity was classified as a key ecosystem project. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is keyring well maintained?

We found that keyring demonstrated a healthy version release cadence and project activity. It has a community of 100 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is keyring safe to use?

The python package keyring was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 19 April-2024, at 00:27 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP