Cannot get psk of current AP on container

I do have a very simple multicontainer application here -

It just installs the NetworkManager on a container.

If I execute nmcli -s -g 802-11-wireless-security.psk connection show <My SSID> command on container, it returns nothing. But this command works on hostOS.

I have tested on the latest development image of RPi Zero W.

Could you guys check my repository and let me know what is wrong?
It just contains a couple of files.


Hello Wester,
I checked out, from what I see I don’t think your use-case is working on multi containers since there is only one container listed under services. You can find more information about multi containers here -

Also, on, it should be network_mode: host without double-quotes. Can you try making a new release, and see if that works out for you. Thanks!


Thanks for your reply, @vipulgupta2048

Just tried with host (without double quotes), but no luck.

Also added a new service and pushed to the git repo. Still no luck… :confused:

Hello Wester,
There weren’t any other flaws in the configuration that we could see in your setup. Hence, I went the extra mile and reproduced the command on RPi0 W. Indeed, the command works on HostOS and not the container. We concluded that this could be a security feature where containers aren’t able to access security keys of the hostOS. We ran other commands which worked out fine such as nmcli connection show <SSID> which provided all the information except the credentials were hidden.

We are also observed a version mismatch between nmcli version of HostOS and the container. Hence, we created a new release with debian version as bullseye in the hopes to see some change and it worked. In your dockerfile.template, please replace the base image with and push a new release FROM balenalib/%%BALENA_MACHINE_NAME%%-debian-node:latest-bullseye-build
That should do it.


Debian bullseye ships with nmcli tool, version 1.27.90

Wow, thanks for your help!

Let me try right now.

Yeah, it works! @vipulgupta2048

But sadly, I cannot install chromium browser on bullseye then… :confused:


Could you fix this issue on the debian buster image, which supports most of packages for Pi Zero W(armv6)?

Hi there, what issue are you having with installing chromium on debian:bullseye?

I have a simple test Dockerfile here, which builds with balena-cli without any issues.

$ cat Dockerfile.template 
FROM balenalib/%%BALENA_ARCH%%:bullseye

RUN install_packages chromium

$ balena build --deviceType genericx86-64-ext --arch amd64 .
[Build]   Built 1 service in 1:14
[Success] Build succeeded!

Whoops, chromium works, but chromium-browser doesn’t work… :slight_smile:

According to this, the package chromium in debian:bullseye contains the web browser component…

1 Like

@vipulgupta2048 @ab77

Could you update the FROM balenalib/%%BALENA_MACHINE_NAME%%-debian-node:latest-buster-build (buster) with the correct version of NetworkManager?

For some reason, chromium crashes on the bullseye but works perfectly on buster.


Hi Wester,

Unfortunately we cannot upgrade the base image for Buster because it uses the official Debian repositories, which define what versions packages are pinned to. We can only upgrade the packages installed on the host OS.

There are a few of other options though:

You may build in the Dockerfile for that container NetworkManager. You may do that on top of your Dockerfile, so that cache is used when you modify later lines there. For making the images smaller in this case you may use multistage bukds -

Probably a better option I would personally prefer is to not use nmcli at all, but retrieve the information through a NetworkManager client library. That will take extra time to develop though. You may check examples in different languages here:

Or you may omit from your application getting the password. I guess it is for editing purposes, so you may just make the users enter it from scratch.


Yeah, I had to create a python script to get the PSK by using dbus API!
(installing the latest nmcli on buster was horrible! lol)

For reference:


import dbus

bus = dbus.SystemBus()
service_name = "org.freedesktop.NetworkManager"
proxy = bus.get_object(service_name, "/org/freedesktop/NetworkManager/Settings")
settings = dbus.Interface(proxy, "org.freedesktop.NetworkManager.Settings")

for path in settings.ListConnections():
    con_proxy = bus.get_object(service_name, path)
    settings_connection = dbus.Interface(con_proxy, "org.freedesktop.NetworkManager.Settings.Connection")
    config = settings_connection.GetSettings()
    if config["connection"]['type'] == "802-11-wireless":
        secrets = settings_connection.GetSecrets("802-11-wireless-security")
1 Like

Thanks for sharing your script! I am sure folks from the community will find it useful