secret-tool(1) [centos man page]
SECRET-TOOL(1) User Commands SECRET-TOOL(1) NAME
secret-tool - Store and retrieve passwords SYNOPSIS
secret-tool store --label='Label' {attribute} {value} ... secret-tool lookup {attribute} {value} ... secret-tool clear {attribute} {value} ... secret-tool search [--all]{attribute} {value} ... DESCRIPTION
secret-tool is a command line tool that can be used to store and retrieve passwords. Each password is stored in an item. Items are uniquely identified by a set of attribute keys and values. When storing a password you must specify unique pairs of attributes names and values, and when looking up a password you provide the same attribute name and value pairs. STORE
To store a password run secret-tool with the store argument. You must also specify a label for the passward with the --label argument. This label will be displayed in the password manager. Make sure to pass a unique set of attributes names and values when storing a password. If the attributes match an already existing item, it will be updated instead of creating a new item. If invoked from a terminal or tty, then the password to store will be prompted for and only one line will be accepted. A password to store can also be piped in via stdin. The password will be the contents of stdin until EOF. If you provide a newline via stdin it will be stored as part of the password. LOOKUP
To lookup a password run secret-tool with the lookup argument. Specify the same same attribute names and value pairs that you passed when storing the password. If multiple items match the attribute provided, then the first password that is already unlocked will be returned. If necessary an item will be unlocked. When printing the password to a terminal or tty, an extra newline will be added after the password. CLEAR
To remove a password run secret-tool with the clear argument. Specify the same attirbute name and value pairs that you passed when storing the password. All unlocked items that match the attributes will be removed. SEARCH
This command searches for and prints details on matching items in secret service. Specify the same attribute and value pairs that you passed in when storing the password. You can use the following options: --all Return all matching results, rather than just the one of the matches. Without this option, the first unlocked match returned from the service will be printed. --unlock Unlock items that are locked and then print out their details. Without this option, locked items are skipped. EXIT STATUS
On success 0 is returned, a non-zero failure code otherwise. EXAMPLES
Example 1. Storing, retrieving, and clearing a password $ secret-tool store --label='My password' key1 value1 key2 value2 Password: My password $ secret-tool lookup key1 value1 key2 value2 My password $ secret-tool clear key1 value1 key2 value2 XDG
SECRET-TOOL(1)
Check Out this Related Man Page
chkey(1) User Commands chkey(1) NAME
chkey - change user's secure RPC key pair SYNOPSIS
chkey [-p] [-s nisplus | nis | files | ldap] [-m <mechanism>] DESCRIPTION
chkey is used to change a user's secure RPC public key and secret key pair. chkey prompts for the old secure-rpc password and verifies that it is correct by decrypting the secret key. If the user has not already used keylogin(1) to decrypt and store the secret key with key- serv(1M), chkey registers the secret key with the local keyserv( 1M) daemon. If the secure-rpc password does not match the login password, chkey prompts for the login password. chkey uses the login password to encrypt the user's secret Diffie-Hellman (192 bit) cryptographic key. chkey can also encrypt other Diffie-Hellman keys for authentication mechanisms configured using nisauthconf(1M). chkey ensures that the login password and the secure-rpc password(s) are kept the same, thus enabling password shadowing. See shadow(4). The key pair can be stored in the /etc/publickey file (see publickey(4)), the NIS publickey map, or the NIS+ cred.org_dir table. If a new secret key is generated, it will be registered with the local keyserv(1M) daemon. However, only NIS+ can store Diffie-Hellman keys other than 192-bits. Keys for specific mechanisms can be changed or reencrypted using the -m option followed by the authentication mechanism name. Multiple -m options can be used to change one or more keys. However, only mechanisms configured using nisauthconf(1M) can be changed with chkey. If the source of the publickey is not specified with the -s option, chkey consults the publickey entry in the name service switch con- figuration file. See nsswitch.conf(4). If the publickey entry specifies one and only one source, then chkey will change the key in the specified name service. However, if multiple name services are listed, chkey can not decide which source to update and will display an error message. The user should specify the source explicitly with the -s option. Non root users are not allowed to change their key pair in the files database. OPTIONS
The following options are supported: -p Re-encrypt the existing secret key with the user's login password. -s nisplus Update the NIS+ database. -s nis Update the NIS database. -s files Update the files database. -s ldap Update the LDAP database. -m <mechanism> Changes or re-encrypt the secret key for the specified mechanism. FILES
/etc/nsswitch.conf /etc/publickey ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ SEE ALSO
keylogin(1), keylogout(1), keyserv(1M), newkey(1M), nisaddcred(1M), nisauthconf(1M), nsswitch.conf(4), publickey(4), shadow(4), attributes(5) NOTES
NIS+ might not be supported in future releases of the SolarisTM Operating Environment. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html. SunOS 5.10 24 Jan 2002 chkey(1)