aboutsummaryrefslogtreecommitdiffstats
path: root/repository/keyring.go
blob: 64365c39e980a2711006e753be153d104e3ec4b4 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
package repository

import (
	"os"
	"path/filepath"

	"github.com/99designs/keyring"
)

type Item = keyring.Item

var ErrKeyringKeyNotFound = keyring.ErrKeyNotFound

// Keyring provides the uniform interface over the underlying backends
type Keyring interface {
	// Returns an Item matching the key or ErrKeyringKeyNotFound
	Get(key string) (Item, error)
	// Stores an Item on the keyring
	Set(item Item) error
	// Removes the item with matching key
	Remove(key string) error
	// Provides a slice of all keys stored on the keyring
	Keys() ([]string, error)
}

func defaultKeyring() (Keyring, error) {
	ucd, err := os.UserConfigDir()
	if err != nil {
		return nil, err
	}

	return keyring.Open(keyring.Config{
		// only use the file backend until https://github.com/99designs/keyring/issues/74 is resolved
		AllowedBackends: []keyring.BackendType{
			keyring.FileBackend,
		},

		ServiceName: "git-bug",

		// Fallback encrypted file
		FileDir: filepath.Join(ucd, "git-bug", "keyring"),
		// As we write the file in the user's config directory, this file should already be protected by the OS against
		// other user's access. We actually don't terribly need to protect it further and a password prompt across all
		// UI's would be a pain. Therefore we use here a constant password so the file will be unreadable by generic file
		// scanners if the user's machine get compromised.
		FilePasswordFunc: func(string) (string, error) {
			return "git-bug", nil
		},
	})
}

// replaceKeyring allow to replace the Keyring of the underlying repo
type replaceKeyring struct {
	TestedRepo
	keyring Keyring
}

func (rk replaceKeyring) Keyring() Keyring {
	return rk.keyring
}