Credentials and the Secrets API...

Credentials and the Secrets API...

[John Szakmeister]

Just wanted to keep folks in the loop.  It turns out that the Secrets
API is still to young.  I asked about the format to store credentials
in (as far as attributes), and got a response from a KDE developer
that says it's still to young on their front.  They hope to have
support in the next release of KDE.  But there's still the issue of
what attributes to use.

With that information, I went ahead and created a
gnome-credential-keyring that uses Gnome's Keyring facility.  I still
need to do a few more things (mainly run it against Jeff's tests), but
it's generally working.  Just wanted to keep folks in the loop.
Hopefully, I can get patches out this weekend.

Jeff: it would be really excellent to break out the various pieces.  I
think it would also be better to split the asking for passwords from
the storing of passwords.

-John

Re: Credentials and the Secrets API...

[Jeff King]

On Thu, Oct 27, 2011 at 12:05:03PM -0400, John Szakmeister wrote:

> Just wanted to keep folks in the loop.  It turns out that the Secrets
> API is still to young.  I asked about the format to store credentials
> in (as far as attributes), and got a response from a KDE developer
> that says it's still to young on their front.  They hope to have
> support in the next release of KDE.  But there's still the issue of
> what attributes to use.

Thanks for looking into this. That explains why I had such trouble
finding good documentation on it.

> With that information, I went ahead and created a
> gnome-credential-keyring that uses Gnome's Keyring facility.  I still
> need to do a few more things (mainly run it against Jeff's tests), but
> it's generally working.  Just wanted to keep folks in the loop.
> Hopefully, I can get patches out this weekend.

Great, I'm looking forward to reading it.

> Jeff: it would be really excellent to break out the various pieces.  I
> think it would also be better to split the asking for passwords from
> the storing of passwords.

That's my current plan. I just need to stop dragging my feet on
re-rolling the series.

-Peff

Re: Credentials and the Secrets API...

[John Szakmeister]

On Thu, Oct 27, 2011 at 1:48 PM, Jeff King <peff@peff.net> wrote:
> On Thu, Oct 27, 2011 at 12:05:03PM -0400, John Szakmeister wrote:
[snip]
>> With that information, I went ahead and created a
>> gnome-credential-keyring that uses Gnome's Keyring facility.  I still
>> need to do a few more things (mainly run it against Jeff's tests), but
>> it's generally working.  Just wanted to keep folks in the loop.
>> Hopefully, I can get patches out this weekend.
>
> Great, I'm looking forward to reading it.

I've pushed up the work I've done to:
   <https://github.com/jszakmeister/git-credential-keyring>

There's not much to it.  It also doesn't handle certs and that sort of
thing.  I think we need to figure out which protocols need to be
handled differently so that we can use the appropriate api for the
keyring-like api. :-)

I also chose this way instead of a patch to git, because it appears
your work is no longer in pu (I must have missed the fact that it was
removed).  Once your work makes it way back in, I can look into
getting it into the contrib area, if that's desired.

>> Jeff: it would be really excellent to break out the various pieces.  I
>> think it would also be better to split the asking for passwords from
>> the storing of passwords.
>
> That's my current plan. I just need to stop dragging my feet on
> re-rolling the series.

Sounds good!  I'll be happy to update when you do re-roll it.  The
test you sent out was very helpful, BTW.  I do think the test cases
with no context are a bit broken though.  It doesn't seem right to ask
the storage backend to retrieve a password without any context at all,
IMHO.  My implementation doesn't pass those two tests.  It does pass
the rest of them though.

-John

Re: Credentials and the Secrets API...

[Ted Zlatanov]

On Thu, 27 Oct 2011 12:05:03 -0400 John Szakmeister <john@szakmeister.net> wrote: 

JS> Just wanted to keep folks in the loop.  It turns out that the Secrets
JS> API is still to young.  I asked about the format to store credentials
JS> in (as far as attributes), and got a response from a KDE developer
JS> that says it's still to young on their front.  They hope to have
JS> support in the next release of KDE.  But there's still the issue of
JS> what attributes to use.

JS> With that information, I went ahead and created a
JS> gnome-credential-keyring that uses Gnome's Keyring facility.  I still
JS> need to do a few more things (mainly run it against Jeff's tests), but
JS> it's generally working.  Just wanted to keep folks in the loop.
JS> Hopefully, I can get patches out this weekend.

Do you think the Secrets API has matured enough?  KDE has had a new
release since your post...

Thanks
Ted

Re: Credentials and the Secrets API...

[John Szakmeister]

On Thu, Feb 7, 2013 at 9:46 AM, Ted Zlatanov <tzz@lifelogs.com> wrote:
> On Thu, 27 Oct 2011 12:05:03 -0400 John Szakmeister <john@szakmeister.net> wrote:
>
> JS> Just wanted to keep folks in the loop.  It turns out that the Secrets
> JS> API is still to young.  I asked about the format to store credentials
> JS> in (as far as attributes), and got a response from a KDE developer
> JS> that says it's still to young on their front.  They hope to have
> JS> support in the next release of KDE.  But there's still the issue of
> JS> what attributes to use.
>
> JS> With that information, I went ahead and created a
> JS> gnome-credential-keyring that uses Gnome's Keyring facility.  I still
> JS> need to do a few more things (mainly run it against Jeff's tests), but
> JS> it's generally working.  Just wanted to keep folks in the loop.
> JS> Hopefully, I can get patches out this weekend.
>
> Do you think the Secrets API has matured enough?  KDE has had a new
> release since your post...

Yes, I think it has.  Several other applications appear to be using
it, including some things considered "core" in Fedora--which is a good
sign.

-John

Re: Credentials and the Secrets API...

[Ted Zlatanov]

On Sat, 9 Feb 2013 05:58:47 -0500 John Szakmeister <john@szakmeister.net> wrote: 

JS> On Thu, Feb 7, 2013 at 9:46 AM, Ted Zlatanov <tzz@lifelogs.com> wrote:
>> On Thu, 27 Oct 2011 12:05:03 -0400 John Szakmeister <john@szakmeister.net> wrote:
>> 
JS> Just wanted to keep folks in the loop.  It turns out that the Secrets
JS> API is still to young.  I asked about the format to store credentials
JS> in (as far as attributes), and got a response from a KDE developer
JS> that says it's still to young on their front.  They hope to have
JS> support in the next release of KDE.  But there's still the issue of
JS> what attributes to use.

>> Do you think the Secrets API has matured enough?  KDE has had a new
>> release since your post...

JS> Yes, I think it has.  Several other applications appear to be using
JS> it, including some things considered "core" in Fedora--which is a good
JS> sign.

Wonderful.  Do you still have interest in working on this credential?

Ted

Re: Credentials and the Secrets API...

[John Szakmeister]

On Wed, Feb 20, 2013 at 12:01 PM, Ted Zlatanov <tzz@lifelogs.com> wrote:
> On Sat, 9 Feb 2013 05:58:47 -0500 John Szakmeister <john@szakmeister.net> wrote:
[snip]
>
> JS> Yes, I think it has.  Several other applications appear to be using
> JS> it, including some things considered "core" in Fedora--which is a good
> JS> sign.
>
> Wonderful.  Do you still have interest in working on this credential?

I do, but I'm a bit short on time right now.  So if you or someone
else wants to pick up and run with it, please feel free.  If I get
some cycles over the next couple of months, I'll give it a go though.

-John