iamb icon indicating copy to clipboard operation
iamb copied to clipboard
verified publisher icon ulyssa

Support storing session token in keyring

Open ulyssa opened this issue 2 years ago • 3 comments

It was pointed out in #130 that the permissions on the session.json file were broad, and, depending on the permissions of the path to the directory, could be readable by other users on the system. Rather than handle storing this information in a file, iamb could possibly store it in the operating system's keyring, so that it lives with the user's other stored passwords. There's a keyring crate that supports multiple platforms and could possibly be a good fit here.

ulyssa avatar Jul 08 '23 04:07 ulyssa

One thing to consider in implementing this is that some Linux users (myself, for example) do not run a secret-service daemon. It may be necessary to have a fallback method of handling sensitive session data.

ghost avatar Jul 09 '23 04:07 ghost

Rather than handle storing this information in a file, iamb could possibly store it in the operating system's keyring

As @ishigoya mentioned, several people do not use keyrings, I don't. Please consider these cases.

0323pin avatar Jul 14 '23 08:07 0323pin

I do not use keyrings I always have my local configs secrets on gopass/pass and have the config run it like I do with iamb and aerc, meli and other such cli/tui tools. I avoid keyrings in favor of pure pass/gopass I have friends that use bitwarden-cli

r3k2 avatar Jul 14 '23 16:07 r3k2