I'm trying to run a instance of a flask project with gunicorn on supervisor and I'm facing a issue where I'm not able to retrieve passwords from keyring after the first get_password() is called. After that, everything returns None.
When running the Flask project alone or with gunicorn, it works, but when I apply it in the supervisor this happens. What could I be missing?
This is the .conf file that I'm using to start the app:
[program:myflaskproject]
command=/my/project/path/venv/bin/gunicorn --preload wsgi:app --name my-app --workers 15 --bind=127.0.0.1:8000 --timeout 60 --log-level=debug --log-file=-
directory=/my/project/path
user=myuser
stdout_logfile=/my/project/path/logs/gunicorn_supervisor.log
redirect_stderr=true
autostart=true
autorestart=true
startretries=3
There's simply no error. Keyring's get_credentials() and get_password() simply returns None
Edit: Just noticed it works when I do not specify a user. What could I do to avoid an issue like that? What could be causing this?
Here's a brief explanation of what I found out:
Keyring uses Pathlib to find the current .local/share folder in home environment and Pathlib uses
~to look for the home folder (where the password database is stored), which is resolved to your$HOMEenvironment variable.What is causing the issue is that when Supervisor starts a process, even with a specified user, it starts it with the
rootenvironment variables.By looking at the current Keyring code, the home folder provided by Pathlib is only used when the environment variable
XDG_DATA_HOMEis not set.So to fix this, you can set the environment variable
XDG_DATA_HOMEat the Supervisor config pointing to the local share in the user home folder.The final
.confwill look like this: