Snapcraft’s login credentials can be exported and subsequently used on a system where login is not possible or desired, such as on a system that’s offline. For cases when the system does not have a functioning or compatible keyring, Snapcraft will fall back to a file based backend.
- Export snapcraft’s login credentials
- Using exported snapcraft credentials
- Verifying accepted credentials
- Using a keyring on a headless Linux system
Export snapcraft's login credentials
To export snapcraft’s login credentials, use the export-login command with the name of a file to store the credentials. On any system where Snapcraft is supported, run:
snapcraft export-login <credentials-filename>
You will be asked for your email, password and second-factor authentication.
Credentials exported with Snapcraft 7 can only be used with Snapcraft 7 or greater
Using exported snapcraft credentials
Previously exported credentials can be used to authenticate Snapcraft with an environment variable, or on older versions of Snapcraft, by using login --with and an external file.
SNAPCRAFT_STORE_CREDENTIALS environment variable
On the system you wish to use previously exported credentials, the contents of the credentials file needs to be placed into an environment variable called SNAPCRAFT_STORE_CREDENTIALS. This can be accomplished in many ways, but the following is a good solution:
export SNAPCRAFT_STORE_CREDENTIALS=$(cat <credentials-filename>)
Verifying accepted credentials
Use snapcraft whoami to verify login credentials are working:
$ snapcraft whoami
email: <account-email>
username: <account-name>
id: <account-id>
permissions: package_access, package_manage, package_metrics,
package_push, package_register, package_release, package_update
channels: no restrictions
expires: 2023-06-15T14:49:49.000Z
Using a keyring
On systems where you wish to remain logged in, snapcraft login can be used. Snapcraft will attempt to use the system keyring. If no keyrings are installed or initialized, Snapcraft will fall back to file-based credential storage. The file-based storage is managed by Snapcraft. If you wish to import/export credentials, see the snapcraft export-login sections instead.
Note that snapcraft login sometimes fails to unlock gnome-keyring. This can occur when accessing a Linux system with a desktop environment from a virtual console or ssh. gnome-keyring will not present a cli password prompt to unlock the keyring, causing Snapcraft to hang and timeout.
Legacy
Using exported snapcraft credentials
Deprecated:
Only supported for the migration from Snapcraft 6 to 7 when using credentials generated with Snapcraft 6
In addition to what is described in Using exported snapcraft credentials, the snapcraft login command accepts an additional --with argument to reference a login credentials file.
snapcraft login --with <credentials-filename>
Using a keyring on a headless Linux system
Deprecated:
Not required from Snapcraft 7.5.4 and onwards, Snapcraft will fallback to a file based backend in the absence of a working system keyring.
A Linux desktop will typically include an integrated keyring utility to store and retrieve passwords. This process can also be made to work on a headless system with no display connected or accessible desktop.
First, make sure gnome-keyring is installed:
apt install gnome-keyring
Now start a dbus session:
dbus-run-session -- sh
To unlock the keyring from the command-line, run the following. You will be asked to enter a passphrase, type ctrl+d when done:
gnome-keyring-daemon --unlock
Now you can login as usual:
snapcraft login
Last updated a month ago.