Hi! I was using the Seahorse application to identify the user, host and
port of each secret, but I did the same thing with M-x secrets-show-secrets
and saw pretty much the same thing:
```
[-] Login
|-[+] Password for ’’ on ’gh:github.com’
|-[-] root@black-diamond
| |- password: *********************************** [Show password]
| |- host: black-diamond
| |- port: sudo
| |- user: root
| `- xdg:schema: org.freedesktop.Secret.Generic
|-[+] Github API key for forge
`-[-] root@black-diamond
|- password: *********************************** [Show password]
|- host: black-diamond
|- port: sudo
|- user: root
`- xdg:schema: org.freedesktop.Secret.Generic
[+] session
```
Here's the same result using elisp directly:
```
(secrets-item-path "Login" "root@black-diamond")
"/org/freedesktop/secrets/collection/login/2"
(secrets-get-item-properties "/org/freedesktop/secrets/collection/login/2")
(("Locked") ("Attributes" ("host" "black-diamond") ("port" "sudo") ("user"
"root") ("xdg:schema" "org.freedesktop.Secret.Generic")) ("Label" .
"root@black-diamond") ("Type" . "org.freedesktop.Secret.Generic")
("Created" . 1663727104) ("Modified" . 1663727104))
;; I also wanted to check the other secret. I wasn't sure exactly what ID
it was and since they both have the same label, I didn't think I could use
`secrets-item-path`. I just tried guessing until I found it
(secrets-get-item-properties "/org/freedesktop/secrets/collection/login/1")
(("Locked") ("Attributes" ("host" "black-diamond") ("port" "sudo") ("user"
"root") ("xdg:schema" "org.freedesktop.Secret.Generic")) ("Label" .
"root@black-diamond") ("Type" . "org.freedesktop.Secret.Generic")
("Created" . 1663726391) ("Modified" . 1663726391))
```
Thanks for your patience,
Ethan
On Sat, Jun 15, 2024 at 3:56 AM Michael Albinus <[email protected]>
wrote:
> Ethan Glasser-Camp <[email protected]> writes:
>
> > Hi! Sorry, I forgot to respond to this for a couple days.
>
> Hi Ethan,
>
> > I don't have anything that looks wrong in my case per se. I am able to
> > access sudo fine with the existing `root@black-diamond` / `sudo` entry
> > in my Login keyring (i.e. it doesn't ask me for a password). I'm just
> > curious how that can work. `(secrets-get-secret "Login"
> > "root@black-diamond")` retrieves my password but `(secrets-get-secret
> > "Login" "ethan@black-diamond")` returns nil.
>
> That means, there is at least one matching item "root@black-diamond",
> but no item "ethan@black-diamond". I said it already, but again: these
> are labels for the items. They don't tell us which properties are used.
>
> > It sounds like there is some special logic in tramp that understands
> > that with `sudo`, we should use the local username even if we are
> > trying to access `root`. That makes sense.
>
> Yes. For sudo, doas, and alike.
>
> > It looks from the code like it's possible to get a password from a
> > completely different user when we are about to create a new secret in
> > `auth-source-secrets-create`. I think this could explain why it's able
> > to find a password. It seems like taht could lead to a bug if I was to
> > try to connect via ssh to the same host with multiple users, but
> > that's just a hypothesis so maybe you should disregard it until
> > someone actually reports it.
>
> If we want to understand better, we must know which items you
> have. Please try the following: "M-x secrets-show-secrets". This will
> show you the collections, in my case I see
>
> --8<---------------cut here---------------start------------->8---
> [+] Login
> [+] 92beed6268d728784e4d8b4aea8a5f96
> [+] f8a6e281eeae95e2e77d9a4812a98580
> [+] 1c10f9798638f07b2c2f3f4af8542d4c
> [+] session
> [+] 63b7238a9793ec9e2f1a1c917a5c8f4f
> [+] 5a0922a29941a3edef7af298e739489f
> --8<---------------cut here---------------end--------------->8---
>
> Click on the "Login" collection. I have:
>
> --8<---------------cut here---------------start------------->8---
> [-] Login
> |-[+] Password for document
> file:///home/albinus/Downloads/ING_Baufi_erste
> Unterlagen_0011322341_0300_B584531691.pdf
> |-[+] [email protected]
> |-[+] GOA owncloud credentials for identity account_1682842492_0
> |-[+] GOA owncloud credentials for identity account_1589131231_0
> |-[+] GOA imap_smtp credentials for identity account_1627558733_0
> |-[+] GNOME Remote Desktop RDP credentials
> |-[+] [email protected]
> |-[+] sigrid@magrathea
> |-[+] GOA google credentials for identity account_1587127542_0
> |-[+] Chrome Safe Storage Control
> |-[+] Chromium Safe Storage
> |-[+] GOA google credentials for identity account_1716207368_0
> |-[+] Password for document
> file:///home/albinus/Downloads/ING_Baufi_Legitimation_0011322341_0300_B584531687.pdf
> |-[+] [email protected]
> |-[+] albinus@ford
> |-[+] GNOME Boxes credentials for
> “/home/albinus/Downloads/Win10_20H2_v2_English_x64.iso”
> |-[+] GOA owncloud credentials for identity account_1587128230_2
> |-[+] GOA google credentials for identity account_1587127542_0
> |-[+] Unlock password for: 92beed6268d728784e4d8b4aea8a5f96
> |-[+] Password for document
> file:///home/albinus/Downloads/ING_Baufi_Abschrift des ING
> Vertragsangebots_0011322341_0300_B584531694.pdf
> |-[+] Password for document
> file:///home/albinus/Downloads/ING_Baufi_Grundschuldbestellung_0011322341_0300_B584531689.pdf
> |-[+] GNOME Connections credentials for
> ’ae3027b5-8f25-43cb-82ad-3d3e13a45d1c’
> `-[+] GNOME Boxes credentials for
> “/home/albinus/Downloads/CentOS-8.4.2105-x86_64-dvd1.iso”
> --8<---------------cut here---------------end--------------->8---
>
> There must be two items with the label "root@black-diamond", according
> to your obeservations. Click on both, and show the contents. I have done
> this for the "[email protected]" example:
>
> --8<---------------cut here---------------start------------->8---
> |-[-] [email protected]
> | |- password: ******** [ password]
> | |- domain: SAMBA
> | |- protocol: smb
> | |- server: ford.local
> | |- user: albinus
> | `- xdg:schema: org.gnome.keyring.NetworkPassword
> |--8<---------------cut here---------------end--------------->8---
>
> > Ethan
>
> Best regards, Michael.
>
