soroban-cli
`stellar keys add --secure-store` on Linux doesn't use encryption
What version are you using?
22.5.0
What did you do?
Want to store a key on Linux.
`stellar keys add --secure-store`
What did you expect to see?
Security guarantees on Linux when using the native key stores.
What did you see instead?
According to the `soroban-cli/Cargo.toml` file, the `keyring` dep that is used to write to native key stores is configured with the `sync-secret-service` feature without an accompanying `crypto-*` feature. The docs for the keyring indicate that secrets will only be encrypted in transit if a crypto feature is enabled.
Discussion
Is this a problem? I'm not sure. Maybe not being encrypted in transit is okay as long as it's encrypted at rest, but it's unclear from the docs if it is.
Should we be supporting the linux-native keyring feature?
In general the docs in the CLI `--help` for the `add` command are pretty light about what `--secure-store` means, and it could be fleshed out to communicate exactly how the key is being stored.