NAME

Passwd::Keyring::Auto - interface to secure password storage(s)

VERSION

Version 0.2801

SYNOPSIS

Passwd::Keyring is about securely preserving passwords and other sensitive data (for example API keys, OAuth tokens etc) in backends like Gnome Keyring, KDE Wallet, OSX/Keychain etc.

While modules like Passwd::Keyring::Gnome handle specific backends, Passwd::Keyring::Auto tries to pick the best backend available, considering the current desktop environment.

use Passwd::Keyring::Auto;  # get_keyring

my $keyring = get_keyring(app=>"My super scraper", group=>"Social passwords");

my $username = "someuser";
my $password = $keyring->get_password($username, "mylostspace.com");
if(! $password) {
    # ... somehow interactively prompt for password
    $keyring->set_password($username, $password, "mylostspace.com");
}
login_somewhere_using($username, $password);
if( password_was_wrong ) {
    $keyring->clear_password($username, "mylostspace.com");
}

If any secure backend is available, password is preserved for successive runs, and user need not be prompted.

The choice can be impacted by some environment variables and/or additional parameters, see get_keyring documentation for details.

One can skip this module and be explicit if he or she knows which keyring is to be used:

use Passwd::Keyring::Gnome;
my $keyring = Passwd::Keyring::Gnome->new();
# ... from there as above

EXPORT

get_keyring

SUBROUTINES/METHODS

get_keyring

my $ring = get_keyring()

my $ring = get_keyring(app=>'MyApp', group=>'SyncPasswords');

my $ring = get_keyring(app=>'MyApp', group=>'Scrappers',
                       prefer=>['Gnome', 'PWSafe3'],
                       forbid=>['KDEWallet']);

my $ring = get_keyring(app=>'MyApp', group=>'Scrappers',
                       force=>['KDEWallet']);

my $ring = get_keyring(app=>'MyApp', group=>'SyncPasswords',
                       %backend_specific_options);

Returns the keyring object most appropriate for the current system (and matching specified criteria) and initiates it.

The function inspects context the application runs in (operating system, presence of GUI sessions etc), decides which backends seem suitable and in what order of preference, then tries all suitable backends and returns first succesfully loaded and initialized.

All parameters are optional, but it is recommended to set app and group:

app => 'App Name'

Symbolic application name, which - depending on backend - may appear in interactive prompts (like dialog box "Application APP-NAME wants to access secure data..." popped up by KDE Wallet) and may be preserved as comment ("Created by ...") in secure storage (so may be seen in GUI password management apps like seahorse).

group => 'PasswordFolder'

The name of the passwords folder. Can be visualised as folder or group by some GUIs (seahorse, pwsafe3) but it's most important role is to let one separate passwords used for different purposes. A few apps/scripts will share passwords if they use the same group name, but will use different and unrelated passwords if they specify different group.

force => 'Backend'

Try only given backend and nothing else. Expects short backend name. For example force='Gnome'> means Passwd::Keyring::Gnome is to be used and nothing else.

prefer=>'Backend' or prefer => ['Backend1', 'Backend2', ...]

Try this/those backends first, and in the specified order (and try them even if by default they are not considered suitable for OS in use).

For example prefer=['OSXKeychain', 'KDEWallet']> asks module to try Passwd::Keyring::OSXKeychain first, then Passwd::Keyring::KDEWallet, then other options (if any) in module own preference.

forbid=>'Backend' or forbid => ['Backend1', 'Backend2', ...]

Never use specified backend(s).

For example forbid=['Gnome', 'KDEWallet']> will disable attempts to use GUI keyrings even if we run on Linux and have Gnome or KDE session active.

other parameters

All other parameters are passed as such to actual keyring backend. To check whether/which may be used, consult backends documentation. In general backends ignore params they do not know.

The function should not in normal circumstances fail (there always is Passwd::Keyring::Memory to be used if everything else fails), but it may croak if some keyring is enforced or if Memory is forbidden or uninstalled.

KEYRING METHODS

See Passwd::Keyring::Auto::KeyringAPI for operations available on keyring objects.

ENVIRONMENT VARIABLES

The following environment variables can be used to impact the module behaviour:

PASSWD_KEYRING_AUTO_FORCE

Use given backend and nothing else. For example, by setting PASSWD_KEYRING_AUTO_FORCE=KDEWallet user may enforce use of Passwd::Keyring::KDEWallet.

This variable is completely ignored if force parameter was specified, and causes runtime error if specified backend is not present, not working, or present on the forbid list.

PASSWD_KEYRING_AUTO_FORBID

Space separated list of backends to forbid, for example PASSWD_KEYRING_AUTO_FORBID="Gnome KDEWallet".

Ignored if force parameter was specified, otherwise works as this param.

PASSWD_KEYRING_AUTO_PREFER

Space separated names of backends to prefer.

Ignored if prefer parameter was specified, otherwise works as this param.

The following variable provides some additional logging:

PASSWD_KEYRING_AUTO_DEBUG: Log on stderr details about tried and selected backends (and errors faced while they are tried).

BACKEND SELECTION AND PREFERENCE CRITERIA

By default (no force, prefer or forbid params, no environment variables) the following criteria are used (note that those may change without warning and are described here just for illustration):

Linux/Unix: Passwd::Keyring::Gnome and Passwd::Keyring::KDEWallet are tried first (if Gnome session is detected, Gnome version is first, under KDE and in unclear context KDEWallet takes preference). If both fail, emergency Passwd::Keyring::Memory is returned.
Mac OS/X: Passwd::Keyring::OSXKeychain is tried, if it does not work, Passwd::Keyring::Memory is returned.
Windows: Currently Passwd::Keyring::Memory is always returned (this is to change once Windows Vault backend is written).

Note: some backends are not considered unless asked for (for example Passwd::Keyring::PWSafe3 is not currently considered by default algorithm).

FURTHER INFORMATION

Passwd::Keyring::Auto::KeyringAPI describes methods available on keyring objects and provides some additional detail on keyring construction.

AUTHOR

Marcin Kasperski

BUGS

Please report any bugs or feature requests to issue tracker at https://bitbucket.org/Mekk/perl-keyring-auto.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc Passwd::Keyring::Auto

You can also look for information at:

http://search.cpan.org/~mekk/Passwd-Keyring-Auto/

Source code is tracked at:

https://bitbucket.org/Mekk/perl-keyring-auto

LICENSE AND COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.

To install Passwd::Keyring::Auto, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Passwd::Keyring::Auto

CPAN shell

perl -MCPAN -e shell
install Passwd::Keyring::Auto

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

VERSION

SYNOPSIS

EXPORT

SUBROUTINES/METHODS

get_keyring

KEYRING METHODS

ENVIRONMENT VARIABLES

BACKEND SELECTION AND PREFERENCE CRITERIA

FURTHER INFORMATION

AUTHOR

BUGS

SUPPORT

LICENSE AND COPYRIGHT

Module Install Instructions