Use keyring to store exchange secrets in system store #17
Conversation
1b47930 to
14792ff
Compare
|
These changes store each ExchangeCredentials field as a separate keyring entry. Alternatively it may be better to serialize entire instance of ExchangeCredentials instance as a single byte array and store it in one keyring entry. |
ef49881 to
5a2a5c3
Compare
|
I like the idea, and also would prefer to keep the existing filesystem-based storage around too so that users (me!!) can voluntarily migrate to using encrypted storage when it's convenient to do so |
Also make sure the private key pem doesn't escape new lines
The old exchange credentials database will be queried, but any new credentials will be added to the keyring. Probably better not to mix the two sets of credentials. The assumption is that the user will add existing credentials to keyring via the sys command line and remove the old database, otherwise the old database will be used as long as it exists.
|
I added a commit that preserves and queries the old credential database, if it exists. However all new set credentials commands will add the credentials to the keyring, even if the old database exists. The assumption is that the user will add the existing credentials to the keyring via the sys command line and remove the old database. |
It seems better to use encrypted storage for exchange sensitive data. Here’s an attempt to use keyring crate to interface with keychain on macos and secret-service on Linux.
What do you think?