Secret Tool Explained


secret-tool allows to access Gnome keyring from the command line.

This is a good option to store and retrieve password, for intance if you are using offlineimap or isync to retrieve email, but the syntax is kind of awkward and things get more confused if you use Seahorse to store or check stored passwords.

The … secret is *doing everything from the command line8, keeping in mind that the command:

$ secret-tool store --label='Password 1' password lookup_key1
Password: 12345678

associates 12345678 to the attribute password of the lookup key lookup_key1. The --label='Password 1' part, while being compulsory, has little or no role, here.

If you open Seahorse now, you will notice that label is used to fill the description field, “12345678” is stored in the “Password” field, and the details field contains password:lookup_key1:


Retrieval is performed by attribute and lookup key:

$ secret-tool lookup password lookup_key1

Notice that Seahorse does not allow you to enter the attributes and lookup key. Hence, there does not seem to be a way to enter a password from the GUI and retrieve it from the command line.

Using the command line you can store different attributes in the same entry and, similarly, different entries with the same attribute:

$ secret-tool store --label='Password 1' password lookup_key1
Password: 12345678

$ secret-tool store --label='Password 1' password lookup_key2
Password: qwerty

$ secret-tool store --label='Password 1' short lookup_key1
Password: 1234

$ secret-tool store --label='Password 1' short lookup_key2
Password: qwe

$ secret-tool lookup short lookup_key1

$ secret-tool lookup password lookup_key2