intel · berrange · Jan 27, 2026 · Jan 27, 2026
diff --git a/PccsAdminTool/lib/intelsgx/credential.py b/PccsAdminTool/lib/intelsgx/credential.py
@@ -1,4 +1,7 @@
-import keyring
+try:
+    import keyring
+except:
+    keyring = None
 import getpass
 
 class Credentials:
@@ -7,11 +10,12 @@ class Credentials:
 
     def get_admin_token(self):
         admin_token = ""
-        try:
-            print("Please note: A prompt may appear asking for your keyring password to access stored credentials.")
-            admin_token = keyring.get_password(self.APPNAME, self.KEY_ADMINTOKEN)
-        except keyring.errors.KeyringError as ke:
-            admin_token = ""
+        if keyring is not None:
+            try:
+                print("Please note: A prompt may appear asking for your keyring password to access stored credentials.")
+                admin_token = keyring.get_password(self.APPNAME, self.KEY_ADMINTOKEN)
+            except keyring.errors.KeyringError as ke:
+                admin_token = ""
 
         while admin_token is None or admin_token == '':
             admin_token = getpass.getpass(prompt="Please input your administrator password for PCCS service:")
@@ -24,10 +28,11 @@ def get_admin_token(self):
         return admin_token
 
     def set_admin_token(self, token):
-        try:
-            print("Please note: A prompt may appear asking for your keyring password to access stored credentials.")
-            keyring.set_password(self.APPNAME, self.KEY_ADMINTOKEN, token)
-        except keyring.errors.PasswordSetError as ke:
-            print("Failed to store admin token.")
-            return False
+        if keyring is not None:
+            try:
+                print("Please note: A prompt may appear asking for your keyring password to access stored credentials.")
+                keyring.set_password(self.APPNAME, self.KEY_ADMINTOKEN, token)
+            except keyring.errors.PasswordSetError as ke:
+                print("Failed to store admin token.")
+                return False
         return True
diff --git a/PccsAdminTool/pccsadmin.py b/PccsAdminTool/pccsadmin.py
@@ -120,7 +120,13 @@ def get_platforms(self):
             if response.status_code == 200:
                 self._write_output_file(output_file, response)
             elif response.status_code == 401:  # Authentication error
-                self.credentials.set_admin_token('')
+                try:
+                    self.credentials.set_admin_token('')
+                except:
+                    # If keyring is unavailable, we don't want to trigger
+                    # traceback, as the user may have declined to save
+                    # the key in the keyring earlier
+                    pass
                 print("Authentication failed.")
             else:
                 self._handle_error(response)
@@ -150,7 +156,13 @@ def upload_collaterals(self):
                 if response.status_code == 200:
                     print("Collaterals uploaded successfully.")
                 elif response.status_code == 401:  # Authentication error
-                    self.credentials.set_admin_token('')
+                    try:
+                        self.credentials.set_admin_token('')
+                    except:
+                        # If keyring is unavailable, we don't want to trigger
+                        # traceback, as the user may have declined to save
+                        # the key in the keyring earlier
+                        pass
                     print("Authentication failed.")
                 else:
                     self._handle_error(response)
@@ -166,7 +178,13 @@ def upload_collaterals(self):
                 if response.status_code == 200:
                     print("Policy uploaded successfully with policy ID :" + response.text)
                 elif response.status_code == 401:  # Authentication error
-                    self.credentials.set_admin_token('')
+                    try:
+                        self.credentials.set_admin_token('')
+                    except:
+                        # If keyring is unavailable, we don't want to trigger
+                        # traceback, as the user may have declined to save
+                        # the key in the keyring earlier
+                        pass
                     print("Authentication failed.")
                 else:
                     self._handle_error(response)
@@ -199,7 +217,13 @@ def refresh_cache_database(self):
             if response.status_code == 200:
                 print("The cache database was refreshed successfully.")
             elif response.status_code == 401:  # Authentication error
-                self.credentials.set_admin_token('')
+                try:
+                    self.credentials.set_admin_token('')
+                except:
+                    # If keyring is unavailable, we don't want to trigger
+                    # traceback, as the user may have declined to save
+                    # the key in the keyring earlier
+                    pass
                 print("Authentication failed.")
             else:
                 self._handle_error(response)