Re: Modifying Emacs to use the Mac OS X Keychain Services

[Ted Zlatanov]

On Sun, 29 May 2011 20:08:26 -0500 Ben Key <address@hidden> wrote: 

BK> The Keychain Services allows you to store items in the Default Keychain, the
BK> Login Keychain (which may be the Default Keychain), or in a separate
BK> Keychain file.  Should I use the Default Keychain or use an Emacs specific
BK> Keychain file?  The benefit of using the Default Keychain is that the user
BK> should never be prompted to provide a password for the Keychain.  However,
BK> keeping the passwords in a separate, Emacs specific, Keychain file would
BK> have the benefit of keeping the passwords used by Emacs separate from other
BK> passwords.

secrets.el understands session aliases, and the "default" collection is
typically an alias (I've seen it set to the "session" or "login"
keychains).  "session" is usually temporary for the login session.  Does
the Mac OS API not allow that?

In any case, I would not make a separate keychain for Emacs, only make
it possible to do so.  Your implementation should integrate in the
native OS as much as possible, so use the Default keychain by default
and give a function to change that.

auth-source specifies secrets.el session aliases like so in the
defcustom:

#+begin_src lisp
(choice :tag "Collection to use"
        (string :tag "Collection name")
        (const :tag "Default" 'default)
        (const :tag "Login" "Login")
        (const
         :tag "Temporary" "session"))
#+end_src

I hope that's helpful.

Ted