diff options
| author | Michael Muré <batolettre@gmail.com> | 2020-07-27 00:14:01 +0200 |
|---|---|---|
| committer | Michael Muré <batolettre@gmail.com> | 2020-09-29 20:42:21 +0200 |
| commit | b127481364176ac7ecb56c1604e1460251574859 (patch) | |
| tree | 389e4f4596183c009ed53a078ad93bc72d6c4564 /repository/keyring.go | |
| parent | d171e11028f5993137a5f83beb7fe002bed866f5 (diff) | |
| download | git-bug-b127481364176ac7ecb56c1604e1460251574859.tar.gz | |
repository: add access to the system keyring, with fallback on a file
Diffstat (limited to 'repository/keyring.go')
| -rw-r--r-- | repository/keyring.go | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/repository/keyring.go b/repository/keyring.go new file mode 100644 index 00000000..9f8171db --- /dev/null +++ b/repository/keyring.go @@ -0,0 +1,73 @@ +package repository + +import ( + "os" + "path" + + "github.com/99designs/keyring" +) + +type Item = keyring.Item + +var ErrKeyringKeyNotFound = keyring.ErrKeyNotFound + +// Keyring provides the uniform interface over the underlying backends +type Keyring interface { + // Returns an Item matching the key or ErrKeyringKeyNotFound + Get(key string) (Item, error) + // Stores an Item on the keyring + Set(item Item) error + // Removes the item with matching key + Remove(key string) error + // Provides a slice of all keys stored on the keyring + Keys() ([]string, error) +} + +func defaultKeyring() (Keyring, error) { + ucd, err := os.UserConfigDir() + if err != nil { + return nil, err + } + + backends := []keyring.BackendType{ + keyring.WinCredBackend, + keyring.KeychainBackend, + keyring.PassBackend, + keyring.FileBackend, + } + + return keyring.Open(keyring.Config{ + // TODO: ideally this would not be there, it disable the freedesktop backend on linux + // due to https://github.com/99designs/keyring/issues/44 + AllowedBackends: backends, + + ServiceName: "git-bug", + + // MacOS keychain + KeychainName: "git-bug", + KeychainTrustApplication: true, + + // KDE Wallet + KWalletAppID: "git-bug", + KWalletFolder: "git-bug", + + // Windows + WinCredPrefix: "git-bug", + + // freedesktop.org's Secret Service + LibSecretCollectionName: "git-bug", + + // Pass (https://www.passwordstore.org/) + PassPrefix: "git-bug", + + // Fallback encrypted file + FileDir: path.Join(ucd, "git-bug", "keyring"), + // As we write the file in the user's config directory, this file should already be protected by the OS against + // other user's access. We actually don't terribly need to protect it further and a password prompt across all + // UI's would be a pain. Therefore we use here a constant password so the file will be unreadable by generic file + // scanners if the user's machine get compromised. + FilePasswordFunc: func(string) (string, error) { + return "git-bug", nil + }, + }) +} |