Enable generic secrets in keytar via ipc

Open Nils1729 opened this issue 10 months ago • 4 comments

This PR implements an extended IPC interface (https://github.com/vector-im/element-web/pull/26405) between the Electron platform and the application. The interface can be used to set, retrieve and destroy arbitrary secrets, similar to saving pickle keys. Notably, these changes allow setting a value for a secret instead of just generating a random one and retrieving it. See also https://github.com/matrix-org/matrix-react-sdk/pull/11776.

Checklist

  • [x] Ensure your code works with manual testing
  • [ ] Linter and other CI checks pass
  • [x] Sign-off given on the changes (see CONTRIBUTING.md)

Notes: none


This change has no change notes, so will not be included in the changelog.

Nils1729 avatar Oct 20 '23 07:10 Nils1729

It'd be good to avoid using keytar for new secrets code, can you use https://www.electronjs.org/docs/latest/api/safe-storage instead?

I can try to do that from the current branch, but the implementation would greatly benefit from parts of https://github.com/vector-im/element-desktop/pull/1087. Is there any timeline for that PR?

Nils1729 avatar Nov 20 '23 14:11 Nils1729

@Johennes is currently looking into scheduling for that work to continue. Keep in mind that PR hasn't yet been tested; otherwise, feel free to cargo-cult whatever you deem useful.

t3chguy avatar Nov 20 '23 14:11 t3chguy

Sadly, the keytar deprecation topic sits further down in our backlog right now. We'll probably not be able to pick this up ourselves in the near future but contributions would certainly be welcome.

Johennes avatar Nov 20 '23 18:11 Johennes

I switched to a minimal setup with safeStorage. Note that the code uses a different store from global.store because the security assumptions are different and explicit exceptions to the global.store.clear() on logout would probably not play nicely with the rest.

Nils1729 avatar Nov 26 '23 20:11 Nils1729
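
The set/retrieve/destroy interface discussed in this thread, sketched on top of `safeStorage` with a dedicated file kept apart from the general settings store. This is an added example, not code from the PR or from element-desktop: the `SecretStore` class, its method names and the JSON file layout are assumptions, and `safeStorage` is passed in (in the Electron main process it would be `require("electron").safeStorage`).

```javascript
// Added example; class name and file layout are assumptions, not the PR's code.
const fs = require("node:fs");

class SecretStore {
  // safeStorage: Electron's safeStorage module (main process, after app "ready").
  // filePath: dedicated file, separate from the settings store cleared on logout.
  constructor(safeStorage, filePath) {
    this.safeStorage = safeStorage;
    this.filePath = filePath;
  }
  assertUsable() {
    if (!this.safeStorage.isEncryptionAvailable())
      throw new Error("safeStorage encryption is not available");
    // Linux only: "basic_text" means no OS secret store was selected, so the
    // encryption key is not protected by an OS keyring.
    if (this.safeStorage.getSelectedStorageBackend?.() === "basic_text")
      throw new Error("refusing to store secrets with the basic_text backend");
  }
  load() {
    const entries = Object.create(null); // no prototype: any name is a safe key
    try {
      return Object.assign(entries, JSON.parse(fs.readFileSync(this.filePath, "utf8")));
    } catch (e) {
      if (e.code === "ENOENT") return entries; // first run: empty store
      throw e;
    }
  }
  save(entries) {
    const tmp = this.filePath + ".tmp"; // write then rename: no torn file
    fs.writeFileSync(tmp, JSON.stringify(entries), { mode: 0o600 });
    fs.renameSync(tmp, this.filePath);
  }
  set(name, value) {
    this.assertUsable();
    const entries = this.load();
    entries[name] = this.safeStorage.encryptString(value).toString("base64");
    this.save(entries);
  }
  get(name) {
    this.assertUsable();
    const blob = this.load()[name];
    if (blob === undefined) return null;
    return this.safeStorage.decryptString(Buffer.from(blob, "base64"));
  }
  destroy(name) {
    const entries = this.load();
    delete entries[name];
    this.save(entries);
  }
}
```

Only ciphertext reaches disk, and `set`/`get` fail closed when the platform cannot provide keyring-backed encryption.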