emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Modifying Emacs to use the Mac OS X Keychain Services


From: Ben Key
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Sun, 5 Jun 2011 18:23:59 -0500

Ted Zlatanov wrote:

> Right, so the name of the collection is the serviceName as far as the OS
> is concerned.  That means it could be stored anywhere, right?

Yes.  A keychain item for a given serviceName can be stored anywhere.

> Does the user care what file it's stored in?  Can you have any
> serviceName in any file, or is there some connection or dependency
> between the two?

I do not know if the user cares what file it is stored in.  I just know what I see in auth-source.el.  In the auth-sources defcustom I see several items that appear to be related to using the secrets API as defined in secrets.el.  They are as follows:
  (const :tag "Default Secrets API Collection" 'default)
  (const :tag "Login Secrets API Collection" "secrets:Login")
  (const :tag "Temp Secrets API Collection" "secrets:session")

The value assigned to the auth-sources defcustom appears to be associated with the collection parameter that is used when calling secrets-get-secret and secrets-get-attributes.  I do not know enough Lisp to be certain of that.  It is the "secrets:Login" item that made me think I was misinterpreting the collection parameter in my implementation.  This item seems to exactly describe the Login keychain file in Mac OS X.  The default item seems to be analogous to the default keychain in Mac OS X, which is by default the Login keychain but can be changed to a user defined keychain file using the Keychain Access application.

As for your question about whether you can have any serviceName in any file, yes you can.  There is no dependency or connection between the serviceName parameter and the keychain file.

I just want to do this right.  If the right approach is to use the default keychain by default providing a way to customize Emacs to use another keychain file and interpreting the collection parameter as the service name, then that is the approach I will use.  But, if I should instead use the collection parameter as an indication of which keychain file to use, as the three "Secrets API Collection" items in the auth-sources defcustom imply I should, then that is the approach I will use.

It seems that you favor the first approach.  Are there any other opinions?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]