Snapcraft authentication options

Snapcraft’s login credentials can be exported and subsequently used on a system where login is not possible or desired, such as on a system that’s offline. For cases when the system does not have a functioning or compatible keyring, Snapcraft will fall back to a file based backend.

Export snapcraft's login credentials

To export snapcraft’s login credentials, use the export-login command with the name of a file to store the credentials. On any system where Snapcraft is supported, run:

snapcraft export-login <credentials-filename>

You will be asked for your email, password and second-factor authentication.

Credentials exported with Snapcraft 7 can only be used with Snapcraft 7 or greater

Using exported snapcraft credentials

Previously exported credentials can be used to authenticate Snapcraft with an environment variable, or on older versions of Snapcraft, by using login --with and an external file.

SNAPCRAFT_STORE_CREDENTIALS environment variable

On the system you wish to use previously exported credentials, the contents of the credentials file needs to be placed into an environment variable called SNAPCRAFT_STORE_CREDENTIALS. This can be accomplished in many ways, but the following is a good solution:

export SNAPCRAFT_STORE_CREDENTIALS=$(cat <credentials-filename>)

Verifying accepted credentials

Use snapcraft whoami to verify login credentials are working:

$ snapcraft whoami
email: <account-email>
username: <account-name>
id: <account-id>
permissions: package_access, package_manage, package_metrics, 
package_push, package_register, package_release, package_update
channels: no restrictions
expires: 2023-06-15T14:49:49.000Z  

Using a keyring

On systems where you wish to remain logged in, snapcraft login can be used. Snapcraft will attempt to use the system keyring. If no keyrings are installed or initialized, Snapcraft will fall back to file-based credential storage. The file-based storage is managed by Snapcraft. If you wish to import/export credentials, see the snapcraft export-login sections instead.

Note that snapcraft login sometimes fails to unlock gnome-keyring. This can occur when accessing a Linux system with a desktop environment from a virtual console or ssh. gnome-keyring will not present a cli password prompt to unlock the keyring, causing Snapcraft to hang and timeout.

Legacy

Using exported snapcraft credentials

Deprecated:

Only supported for the migration from Snapcraft 6 to 7 when using credentials generated with Snapcraft 6

In addition to what is described in Using exported snapcraft credentials, the snapcraft login command accepts an additional --with argument to reference a login credentials file.

snapcraft login --with <credentials-filename>

Using a keyring on a headless Linux system

Deprecated:

Not required from Snapcraft 7.5.4 and onwards, Snapcraft will fallback to a file based backend in the absence of a working system keyring.

A Linux desktop will typically include an integrated keyring utility to store and retrieve passwords. This process can also be made to work on a headless system with no display connected or accessible desktop.

First, make sure gnome-keyring is installed:

apt install gnome-keyring

Now start a dbus session:

dbus-run-session -- sh 

To unlock the keyring from the command-line, run the following. You will be asked to enter a passphrase, type ctrl+d when done:

gnome-keyring-daemon --unlock

Now you can login as usual:

snapcraft login

Last updated 4 months ago.