Use keyring to store exchange secrets in system store

Open dmakarov opened this issue 10 months ago • 3 comments

It seems better to use encrypted storage for exchange sensitive data. Here’s an attempt to use the keyring crate to interface with the keychain on macOS and secret-service on Linux.

What do you think?

dmakarov avatar Apr 22 '25 21:04 dmakarov

These changes store each ExchangeCredentials field as a separate keyring entry. Alternatively, it may be better to serialize the entire ExchangeCredentials instance as a single byte array and store it in one keyring entry.

dmakarov avatar Apr 23 '25 01:04 dmakarov

I like the idea, and also would prefer to keep the existing filesystem-based storage around too so that users (me!!) can voluntarily migrate to using encrypted storage when it's convenient to do so

mvines avatar Aug 12 '25 16:08 mvines

I added a commit that preserves and queries the old credential database, if it exists. However, all new set credentials commands will add the credentials to the keyring, even if the old database exists. The assumption is that the user will add the existing credentials to the keyring via the sys command line and remove the old database.

dmakarov avatar Aug 14 '25 17:08 dmakarov
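
An added example, not code from this pull request or from the keyring crate: a sketch of the single-entry layout raised in the thread (the whole ExchangeCredentials serialized into one byte array) combined with a lookup that falls back to the old database. The field names, the `sys` service name, the store-first lookup order and the in-memory `SecretStore` are assumptions made for illustration.

```rust
use std::collections::HashMap;
use std::convert::TryInto;

// In-memory stand-in for the system store, keyed by (service, account).
// Hypothetical: this is not the keyring crate's API.
type SecretStore = HashMap<(String, String), Vec<u8>>;

// Assumed fields; the real ExchangeCredentials layout is not shown in the thread.
#[derive(Debug, Clone, PartialEq)]
struct ExchangeCredentials { api_key: String, secret: String }

// Single-entry layout: each field as a u32 little-endian length plus bytes.
fn encode(c: &ExchangeCredentials) -> Vec<u8> {
    let mut out = Vec::new();
    for f in &[&c.api_key, &c.secret] {
        out.extend_from_slice(&(f.len() as u32).to_le_bytes());
        out.extend_from_slice(f.as_bytes());
    }
    out
}

// Rejects truncated entries and trailing bytes instead of returning half a credential.
fn decode(mut b: &[u8]) -> Option<ExchangeCredentials> {
    let mut fields = Vec::new();
    for _ in 0..2 {
        let len = u32::from_le_bytes(b.get(..4)?.try_into().ok()?) as usize;
        fields.push(String::from_utf8(b.get(4..4 + len)?.to_vec()).ok()?);
        b = &b[4 + len..];
    }
    if !b.is_empty() { return None; }
    let secret = fields.pop()?;
    let api_key = fields.pop()?;
    Some(ExchangeCredentials { api_key, secret })
}

// Assumed lookup order: system store first, then the old database if present.
fn load(store: &SecretStore, legacy: Option<&HashMap<String, ExchangeCredentials>>,
        exchange: &str) -> Option<(ExchangeCredentials, &'static str)> {
    let key = ("sys".to_string(), exchange.to_string());
    if let Some(c) = store.get(&key).and_then(|b| decode(b)) {
        return Some((c, "keyring"));
    }
    legacy?.get(exchange).cloned().map(|c| (c, "legacy"))
}

fn main() {
    // Constructed sample values.
    let creds = ExchangeCredentials { api_key: "constructed-key".into(), secret: "constructed-secret".into() };
    let mut store = SecretStore::new();
    store.insert(("sys".into(), "exchange-a".into()), encode(&creds));
    println!("{:?}", load(&store, None, "exchange-a").map(|(_, src)| src));
}
```

Returning the source label alongside the credentials lets a caller report which exchanges are still served from the unencrypted database and have not been migrated yet.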