keychain

package module
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 9, 2023 License: Apache-2.0 Imports: 2 Imported by: 0

README

Go macOS keychain

An intutive golang API for the macOS keychain.

Create a better user experience by storing tokens etc. in the macOS keychain, protected by the user's system password.

The only dependency is keybase/go-keychain, which is used to communicate to the macOS keychain API directly, in stead for through the security-binary, which makes the keys available to all processes that can run that binary.

When fetching a key, the user will be asked if the app should be granted permission to retrieve the key: ["Allow", "Deny", "Always allow]

If the user chooses "Always allow", the app will be added in the access-list for that key. NOTE: A new version of the app will ultimatly prompt the user to allow it again, as the checksum of the app has changed. More details here

Get

go get github.com/EikaGruppen/go-macos-keychain@v0.1.0

Usage

keys := keychain.NewKeychainClient("my-app")

name, value := "id_for_pass", "the pass"

err := keys.Update(name, value)
if err != nil {
	//handle err
}

fromKeychain, err := keys.Get(name)
if err != nil {
	if _, ok := err.(*keychain.KeyNotFoundError); ok {
		//handle
	} else if _, ok := err.(*keychain.UserAbortedPromptError); ok {
		//handle
	} else {
		//handle
	}
}

err = keys.Delete(name)
//handle err

Prompt

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃                                                                ┃
┃     _my app_ wants to access _my item_ in OS keychain          ┃
┃   =====================================================        ┃
┃                                                                ┃
┃                                                                ┃
┃        | Always allow |      | Deny |       | Allow |          ┃
┃                                                                ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

The user will be prompted with something like this as a macOS GUI window. If the user chooses Always allow, they will not be prompted until the checksum of the app changes (new build).

Non-goals

  • Creating custom keychains
    • As Apple states:

...unnecessary for anything other than an app trying to replicate the keychain access utility. source

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewKeychainClient 

func NewKeychainClient(name string) *keychainClient

Returns a KeychainClient for specified app name That struct can be used to fetch, update and delete keys

Types

type KeyNotFoundError 

type KeyNotFoundError struct {
	// contains filtered or unexported fields
}

func (*KeyNotFoundError) Error 

func (e *KeyNotFoundError) Error() string

type UserAbortedPromptError 

type UserAbortedPromptError struct{}

func (*UserAbortedPromptError) Error 

func (e *UserAbortedPromptError) Error() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.