In a headless WSL environment, gnome-keyring creates an encrypted login.keyring file by default. Because there is no graphical display manager (GDM) to unlock it automatically during login, the keyring becomes locked, and your user/root password will not work to open it. This causes the CLI to hang or prompt for an unreachable password on subsequent restarts.
The Solution (Create an Unencrypted Keyring for WSL):
Since WSL runs inside an already secure Windows environment, the easiest fix is to wipe the encrypted keyring and force gnome-keyring to save tokens without an extra password.
-
Delete the current encrypted files:
rm -f ~/.local/share/keyrings/* -
Completely restart WSL (run this in Windows PowerShell, not WSL):
wsl --shutdown -
Open your WSL terminal again and force initialize an unencrypted keyring:
gnome-keyring-daemon --unlock <<< "" -
Log back.
The CLI will now save your session tokens in a blank-password keyring. It will work flawlessly across WSL restarts without ever asking for a password again.