secret-tool usage for storing a secret (password)

Oh secret-tool. Is it a GNOME tool? I’m not sure.

So I tried to use this a while ago to store some secrets for my mail client. And it was super painful. I could write a whole article about this… However, I could also not really find an alternative. So let’s look at some simple usage examples.

Adding a secret:

$ secret-tool store --label=MyApp title myapp

NOTE: The secret isn’t there yet. Once you run this command, it asks for the secret, which you then enter interactively.

So, here label is some sort of label, and title and myapp are a key and a value that can be used to access the secret.

Access the secret:

$ secret-tool lookup title myapp
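The same store and lookup as a scripted round trip, as an added example that is not part of the original post. The function names and the SECRET_TOOL variable are assumptions for illustration; `clear` is a secret-tool subcommand that the post does not cover.

```sh
# Added example, not from the original post. Function names and the
# SECRET_TOOL override variable are assumptions made for this sketch.
SECRET_TOOL="${SECRET_TOOL:-secret-tool}"

# store_secret LABEL KEY VALUE
# The secret is read from stdin, never passed as an argument. secret-tool
# prompts when stdin is a terminal and reads stdin otherwise, so the secret
# stays out of the process list and out of shell history.
store_secret() {
    [ "$#" -eq 3 ] || { echo "usage: store_secret LABEL KEY VALUE" >&2; return 2; }
    "$SECRET_TOOL" store --label="$1" "$2" "$3"
}

# lookup_secret KEY VALUE
# Prints the secret on stdout. Returns 1 when secret-tool reports failure
# (for example, no matching item), so a caller can stop instead of
# continuing with an empty password.
lookup_secret() {
    [ "$#" -eq 2 ] || { echo "usage: lookup_secret KEY VALUE" >&2; return 2; }
    "$SECRET_TOOL" lookup "$1" "$2" || { echo "no secret stored for $1=$2" >&2; return 1; }
}

# clear_secret KEY VALUE
# Removes the items matching the attribute pair.
clear_secret() {
    [ "$#" -eq 2 ] || { echo "usage: clear_secret KEY VALUE" >&2; return 2; }
    "$SECRET_TOOL" clear "$1" "$2"
}

# Usage with the attribute pair from the post (title=myapp):
#   store_secret MyApp title myapp                        # prompts on a terminal
#   printf '%s' "$pw" | store_secret MyApp title myapp    # scripted, via stdin
#   lookup_secret title myapp
#   clear_secret title myapp
```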

There is a GNOME GUI application to manage and view the secrets. True to the confusing nature of this project, it appears as “Passwords and Keys”, but it is also called seahorse.

However, I could not manage to properly add a password with corresponding keys and values to the store using the GUI application. Hence the above commands. The GUI application is still useful to at least see the secrets.

For the above example, the label “MyApp” would appear as “Description” in seahorse. Makes sense I guess 🥲. And the key and value appear under details.

I suppose the lack of user friendliness comes from the fact that the management of secrets in this way is not really something that is meant to be done by the end user. It is something that is usually done by applications in the background, with little to no user interaction or with the application masking the user interaction. To be fair, I never had to do this until now, and I wouldn’t do it if it wasn’t for the beautiful terminal mail client that I started using, aerc.

The security implications of the tool and the terminal tool are worth a whole other discussion. And there is indeed such a discussion. I read up on it a little bit when I started using it last time and I may be able to find the links. It is kind of interesting if you’re into these kinds of things.

So, this has already turned essentially into an article. So, I may be moving this to the nerd stuff. :D

Last modified: 2025-04-25 15:03h

linux
bash