Here is a simple tip to use keyctl in a bash script. keyctl is a wrapper for Linux kernel key management interface. It allows to securely save data in kernel memory. The man documentation is very bigcomplete but I didn't find any example on internet. What I initially wanted to do is to safely store a password entered by user inside a bash shell script and keep private to it (don't share with other processes).

Basically the script looks like :

#!/bin/bash

password=SecretPassword

keyctl new_session > /dev/null
keyid=`keyctl add user mail $password @s`
keyctl show
# echo "KEYID $keyid"
keyctl print $keyid

The first thing to do is to create a new session (to detach the current shared one).

Then we will add the password in the new item "mail". We don't have other choice to set type to "user". The item will be placed into the session keyring (@s). We could create new keyrings to store it with keyctl newring command. The command return item id as a big integer. We can use this integer or its name "%user:mail" for further references.

There is also a command keyctl padd which read data from stdin, but I don't recommend to use it as data is displayed in clear on the terminal.

Finally we show keyring information and print our password. We use print command to have an human friendly output, keyctl read command display it in hex format...