encrypted file-based token storage with keyring abstraction#163
Open
Sreehari425 wants to merge 13 commits intoMrmayman:mainfrom
Open
encrypted file-based token storage with keyring abstraction#163Sreehari425 wants to merge 13 commits intoMrmayman:mainfrom
Sreehari425 wants to merge 13 commits intoMrmayman:mainfrom
Conversation
ported exprimental file branch
…and card layout chore: applied clippy suggetions
Contributor
Author
|
Build for app image : Github Action |
- perfers QL_FILE_SECRET for non-intractive - fall back to hidden TTY prompt when locked
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
so this PR adds an alternative to the system keyring for storing auth tokens since the keyring can be kinda unreliable on some setups
tokens are encrypted with AES-256-GCM and the key is derived via Argon2id so its not just a plaintext file chillin on disk. there's a password prompt on startup if the store is locked and a new Security tab in settings where you can swap backends set a password or nuke the store entirely
all the auth flows (microsoft, elyby, littleskin, yggdrasil) got refactored to go through a shared token_store abstraction instead of hitting the keyring directly which should make adding new backends way easier down the line
also accounts are filtered by backend so keyring accounts wont bleed into encrypted file mode and vice versa
new deps:
aes-gcmargon2base64rand