
support reading passwords using org.freedesktop.secrets spec (a.k.a, from keyring)

Open Avinash-Bhat opened this issue 1 year ago • 2 comments

(Storing passwords in plain text may not be a good idea.)

It would be much easier if the app read from the keyring (https://www.freedesktop.org/wiki/Specifications/secret-storage-spec/) using config like:

[servers.liberachat.sasl.plain]
username = "foobar"
use_keyring = true

If the keyring doesn't have the password, then the password can be taken from the user and stored in the keyring.

The libsecret crate can be used for this purpose.

Avinash-Bhat, Dec 28 '24 08:12

Maybe a generic way is possible to have this feature on Windows (Credential Manager) and MacOS (Password App).

KaiKorla, Jan 10 '25 20:01

It might be generic enough to add an option for defining a password command from which the password is read via stdout.

This would allow the use of standard password manager CLI tools, such as Pass and GoPass, as well as the various CLI tools for services like Bitwarden, 1Password, etc., or secret-tool, which is a small tool provided by the libsecret project, which OP referred to and would support the use case here, as it can access the GNOME Keyring and any other service that implements the DBus Secret Service API.

I'm not sure what the situation is on Windows and macOS, but I hope those systems have something basic that can handle authentication out of band and output the password if that succeeds.

There are certainly other ways, but a password command is a common option for many projects, such as git, isync/mbsync, restic, mutt, SSH, etc., as it's flexible and can be made as secure as possible.

Another advantage of this option is that one doesn't have to add a new dependency to the crate nor increase the number of libraries with which the resulting Halloy executable is linked, since executing a command and reading its standard output is supported by Rust's standard library and basically any relevant async runtime.

ThomasLamprecht, Jul 05 '25 11:07
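
The password-command approach from the last comment, using only Rust's standard library, as an added example that is not code from Halloy or from any commenter. The function name `read_password_from_command` and the choice to pass the command as an argv list (no shell) are assumptions; the `sh -c printf` call in `main` is a constructed stand-in for a real helper such as `secret-tool`.

```rust
use std::io;
use std::process::{Command, Stdio};

/// Hypothetical helper (not Halloy's API): run `argv` directly, without an
/// intermediate shell, and return the first line of its stdout as the password.
pub fn read_password_from_command(argv: &[&str]) -> io::Result<String> {
    let (program, args) = argv
        .split_first()
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "empty password command"))?;

    let output = Command::new(program)
        .args(args)
        .stdin(Stdio::null()) // the helper must not consume the client's stdin
        .stderr(Stdio::inherit()) // let the helper report its own errors
        .output()?; // stdout is captured in memory, never written to disk

    if !output.status.success() {
        // Report only the exit status: stdout may hold a partial secret.
        return Err(io::Error::new(
            io::ErrorKind::Other,
            format!("password command failed: {}", output.status),
        ));
    }

    let stdout = String::from_utf8(output.stdout)
        .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "password is not valid UTF-8"))?;
    // Keep only the first line; by `pass` convention the password comes first
    // and later lines are metadata. `lines()` also strips a trailing "\r\n".
    let password = stdout.lines().next().unwrap_or("").to_owned();
    if password.is_empty() {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "password command printed nothing"));
    }
    Ok(password)
}

fn main() {
    // Constructed stand-in for a real password helper.
    match read_password_from_command(&["sh", "-c", "printf 'example-secret\\n'"]) {
        Ok(pw) => println!("got a password of {} bytes", pw.len()),
        Err(e) => eprintln!("error: {e}"),
    }
}
```

Taking the command as an argument list rather than a single string avoids shell interpolation of values from the config file; a non-zero exit or empty output is treated as "no password" instead of sending an empty credential.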