Running the GNOME Keyring Daemon
Starting Gnome Keyring Daemon
The best place to start gnome-keyring-daemon is from the user's login. This is done via a PAM module. When configured correctly the user does not need to enter any passwords beyond that of their login.
- In addition gnome-keyring-daemon must be initialized from the session startup. Usually this is accomplished by the autostart desktop files that gnome-keyring-daemon installs.
- If gnome keyring was not started from the PAM module, the autostart desktop files will start a gnome-keyring-daemon properly. In this case the user will need to specify an unlock password for their keyring on its first use.
- If your PAM configuration allows you to log in without entering a password (e.g. via smart card or fingerprint), you will also need to specify an unlock password for your keyring on its first use.
- If not started by one of the above, it will be automatically activated by DBus for basic password operations. However, much functionality will not be available, such as the SSH agent and encryption key store.
Stopping Gnome Keyring Daemon
Gnome keyring will be stopped by gnome-session when that process stops.
- Gnome keyring will be killed by the PAM module if the process that hosted the PAM module runs for the duration of the user's session.
Technical Details
gnome-keyring-daemon has several options which control its behavior during startup.
The --daemonize option tells gnome-keyring-daemon to disconnect from the calling terminal completely.
The --foreground option tells gnome-keyring-daemon to remain in the foreground, and connected to the foreground terminal.
When called with neither --daemonize nor --foreground, gnome-keyring-daemon will fork and exit, but will not completely disconnect from the calling terminal.
When run with the --login option, gnome-keyring-daemon expects a password on its stdin. All characters until stdin closes are considered part of the password.
When run with the --login option, gnome-keyring-daemon does not fully initialize. It expects to be initialized later by calling another gnome-keyring-daemon with the --start option.
If a gnome-keyring-daemon process is started with the --start option, it tries to initialize an already running gnome-keyring-daemon (usually one that was started with --login). If no gnome-keyring-daemon is running, it starts or becomes one, depending on the --foreground option.
The --login and --start options cannot be used together. However, when either is used together with --foreground or --daemonize, their behavior is what you would expect from those options.
gnome-keyring-daemon has certain environment variables that must be set in the user's session:
- Each of the above ways of starting gnome-keyring prints out appropriate environment variables to stdout.
In the case of --login only a few environment variables will be printed. A later call to --start will print the remaining environment variables.
When used with a modern DBus capable session manager (like gnome-session 2.24.x and later) gnome-keyring-daemon will register environment variables directly with the session manager.
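The two-phase startup described above (--login fed a password on stdin, then --start from the session), as an added example that is not part of the original page or of gnome-keyring itself. KEYRING_DAEMON and the function names are hypothetical; the printed NAME=value lines are parsed and exported rather than passed to eval.

```shell
#!/bin/sh
# Added example, not GNOME's own code. KEYRING_DAEMON is a hypothetical
# override so the flow can be exercised against a stub.
: "${KEYRING_DAEMON:=gnome-keyring-daemon}"

# Export NAME=value lines read from stdin without using eval.
# Lines with no '=' or with a malformed name are skipped, and the
# value is kept literal (no expansion, no command substitution).
import_keyring_env() {
    while IFS= read -r _kr_line; do
        case $_kr_line in *=*) ;; *) continue ;; esac
        _kr_name=${_kr_line%%=*}
        case $_kr_name in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        export "$_kr_name=${_kr_line#*=}"
    done
    return 0
}

# Phase 1: hand the login password to the daemon on stdin.
# Every character up to end-of-file is part of the password, so
# printf '%s' is used: echo would append a newline to it. printf is a
# shell builtin, so the password never appears in a process argv.
keyring_login() {
    _kr_out=$(printf '%s' "$1" | "$KEYRING_DAEMON" --login) || return 1
    import_keyring_env <<EOF
$_kr_out
EOF
}

# Phase 2: complete initialization from the session and pick up the
# remaining environment variables that --login did not print.
keyring_start() {
    _kr_out=$("$KEYRING_DAEMON" --start) || return 1
    import_keyring_env <<EOF
$_kr_out
EOF
}
```

Both functions must be called in the shell whose environment the session inherits; running them in a subshell or pipeline discards the exported variables.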