Keyring stops working after first get_password() call when running Flask project with gunicorn in supervisor
Question:
I’m trying to run a instance of a flask project with gunicorn on supervisor and I’m facing a issue where I’m not able to retrieve passwords from keyring after the first get_password() is called. After that, everything returns None.
When running the Flask project alone or with gunicorn, it works, but when I apply it in the supervisor this happens.
What could I be missing?
This is the .conf file that I’m using to start the app:
[program:myflaskproject]
command=/my/project/path/venv/bin/gunicorn --preload wsgi:app --name my-app --workers 15 --bind=127.0.0.1:8000 --timeout 60 --log-level=debug --log-file=-
directory=/my/project/path
user=myuser
stdout_logfile=/my/project/path/logs/gunicorn_supervisor.log
redirect_stderr=true
autostart=true
autorestart=true
startretries=3
There’s simply no error. Keyring’s get_credentials() and get_password() simply returns None
Edit:
Just noticed it works when I do not specify a user. What could I do to avoid an issue like that? What could be causing this?
Answers:
Here’s a brief explanation of what I found out:
Keyring uses Pathlib to find the current .local/share folder in home environment and Pathlib uses ~ to look for the home folder (where the password database is stored), which is resolved to your $HOME environment variable.
What is causing the issue is that when Supervisor starts a process, even with a specified user, it starts it with the root environment variables.
By looking at the current Keyring code, the home folder provided by Pathlib is only used when the environment variable XDG_DATA_HOME is not set.
So to fix this, you can set the environment variable XDG_DATA_HOME at the Supervisor config pointing to the local share in the user home folder.
The final .conf will look like this:
[program:myflaskproject]
environment=XDG_DATA_HOME=/home/myuser/.local/share
command=/my/project/path/venv/bin/gunicorn --preload wsgi:app --name my-app --workers 15 --bind=127.0.0.1:8000 --timeout 60 --log-level=debug --log-file=-
directory=/my/project/path
user=myuser
stdout_logfile=/my/project/path/logs/gunicorn_supervisor.log
redirect_stderr=true
autostart=true
autorestart=true
startretries=3
I’m trying to run a instance of a flask project with gunicorn on supervisor and I’m facing a issue where I’m not able to retrieve passwords from keyring after the first get_password() is called. After that, everything returns None.
When running the Flask project alone or with gunicorn, it works, but when I apply it in the supervisor this happens.
What could I be missing?
This is the .conf file that I’m using to start the app:
[program:myflaskproject]
command=/my/project/path/venv/bin/gunicorn --preload wsgi:app --name my-app --workers 15 --bind=127.0.0.1:8000 --timeout 60 --log-level=debug --log-file=-
directory=/my/project/path
user=myuser
stdout_logfile=/my/project/path/logs/gunicorn_supervisor.log
redirect_stderr=true
autostart=true
autorestart=true
startretries=3
There’s simply no error. Keyring’s get_credentials() and get_password() simply returns None
Edit:
Just noticed it works when I do not specify a user. What could I do to avoid an issue like that? What could be causing this?
Here’s a brief explanation of what I found out:
Keyring uses Pathlib to find the current .local/share folder in home environment and Pathlib uses ~ to look for the home folder (where the password database is stored), which is resolved to your $HOME environment variable.
What is causing the issue is that when Supervisor starts a process, even with a specified user, it starts it with the root environment variables.
By looking at the current Keyring code, the home folder provided by Pathlib is only used when the environment variable XDG_DATA_HOME is not set.
So to fix this, you can set the environment variable XDG_DATA_HOME at the Supervisor config pointing to the local share in the user home folder.
The final .conf will look like this:
[program:myflaskproject]
environment=XDG_DATA_HOME=/home/myuser/.local/share
command=/my/project/path/venv/bin/gunicorn --preload wsgi:app --name my-app --workers 15 --bind=127.0.0.1:8000 --timeout 60 --log-level=debug --log-file=-
directory=/my/project/path
user=myuser
stdout_logfile=/my/project/path/logs/gunicorn_supervisor.log
redirect_stderr=true
autostart=true
autorestart=true
startretries=3