The kwalletcli utility is a command line interface to KWallet. It will only work if KDE is running (DCOP) and reachable (via X11). kwalletcli can be used to get password entries from the default Wallet, or to write them there.
The options are as follows:
- -e entry
Define the key (entry) to use when accessing the Wallet. Mandatory.
- -f folder
Set the folder to use when accessing the Wallet. Mandatory.
Display the usage.
Read the password to write from standard input. Currently limited to 65535 octets.
- -p password
Write password into the designated location in the Wallet.
Be more quiet. In combination with -V, do not display anything.
Display the kwalletcli version information.
Default mode of operation, that is, unless -P or -p are used, is to read the password from the default Wallet and print it to standard output as-is, without any trailing newline.
There is currently no way to specify a Wallet other than the default.
All input and output is assumed to be in UTF-8. The password string (whether read from standard input or command line) is now converted from “possibly UTF-8 but binary transparent” to standards-conformant UTF-8 for the Qt side, and back upon reading out.
The kwalletcli utility exits 0 on success or >0 if an error occurred:
The entry specified cannot be found (read access).
The usage was shown.
The Wallet could not be opened. May be a missing DCOP connection. Perhaps
DISPLAYis not set.
The folder specified cannot be found (read access).
The folder specified cannot be opened.
The value to the key specified could not be retrieved.
An error occurred trying to write the value.
The exit codes 1 and 4, on reading, are not fatal; they merely indicate that the folder or entry specified does not exist. The other errors are fatal and may be used to indicate the user that the KWallet should not be used any more during the current session.
The X11 display to use for communicating with the KDE Wallet.
The following command...
$ printf '%s\n' "secret" | kwalletcli -f passwords -e sitename -P
... stores the password “secret” as
passwords\sitename inside the default Wallet. To read it out, use:
$ password=$(kwalletcli -f passwords -e sitename)
kwalletcli was written by mirabilos ⟨firstname.lastname@example.org⟩ mostly for tarent solutions GmbH.
Do not use -p password to store it, unless you absolutely must. It is a security risk, because the command line invocation is public information in a normal Unix environment. Use -P instead and provide the password on standard input.
Beware of trailing newlines, especially outside of mksh(1) scripts!
DISPLAY is not set, not valid, or kdeinit or kdeinit4 cannot start for other reasons, kwalletcli may not recover gracefully. In KDE 4 versions, this may even result in a Segmentation fault. The author does not know of a way to catch this early; patches are welcome.
kwalletaskpass(1), kwalletcli_getpin(1), pinentry-kwallet(1).