keyring

package module
v1.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 11, 2026 License: MIT Imports: 24 Imported by: 5

README ¶

Keyring

Build Status Documentation

[!NOTE] This is a maintained fork of https://github.com/99designs/keyring which seems to be an abandoned project. Contributions are welcome, but keep in mind this is a side project and maintained on best effort basis!

Keyring provides a common interface to a range of secure credential storage services. Originally developed as part of AWS Vault, a command line tool for securely managing AWS access from developer workstations.

Currently Keyring supports the following backends

Usage

The short version of how to use keyring is shown below.

ring, _ := keyring.Open(keyring.Config{
  ServiceName: "example",
})

_ = ring.Set(keyring.Item{
	Key: "foo",
	Data: []byte("secret-bar"),
})

i, _ := ring.Get("foo")

fmt.Printf("%s", i.Data)

To configure TouchId biometrics:

keyring.Config.UseBiometrics = true
keyring.Config.TouchIDAccount = "cc.byteness.aws-vault.biometrics"
keyring.Config.TouchIDService = "aws-vault"
Windows Hello backend

The winhello backend stores encrypted envelopes in Windows Credential Manager. This may sound similar to the wincred backend, but the difference is encryption. Here, we don't store plaintext item data in Credential Manager. It is encrypted with AES-256-GCM, and the content encryption key is wrapped by a Windows Hello / Passport KSP key and unwrapped through an interactive private-key operation.

Upon the first use, a new Passport KSP key is created and stored in the user's protected key store. This operation requires user interaction and Windows Hello authentication. Later, whenever an item is accessed, the content encryption key is unwrapped by the Passport KSP key, which requires Windows Hello authentication again. This means that every access to the stored secrets requires user presence and authentication through Windows Hello (using PIN, fingerprint, face ID, etc.).

This protects against silent reads of the stored Credential Manager blob. It does not protect against malware that can read process memory after a successful unlock, inject into an approved process, or steal credentials after they are handed to a caller.

To use the Windows Hello backend on Windows:

ring, err := keyring.Open(keyring.Config{
  ServiceName: "example",
  AllowedBackends: []keyring.BackendType{
    keyring.WinHelloBackend,
  },
})
if err != nil {
  return err
}

For more detail on the API please check the keyring godocs

Reducing the dependency surface (opt-out build tags)

The cross-platform backends compile into every build, whether or not you use them, along with their dependency trees. If you know at build time that you don't need a backend, an opt-out build tag excludes it (and its dependencies) from compilation:

Build tag Backends removed Headline dependencies dropped
keyring_no1password op, op-connect, op-desktop onepassword-sdk-go (incl. the wazero WebAssembly runtime), connect-sdk-go (incl. jaeger-client-go)
keyring_nofile file dvsekhvalnov/jose2go
keyring_nopass pass none (shells out to pass)
keyring_nopassage passage none (shells out to passage) 
go build -tags keyring_no1password ./...

The platform-specific backends (keychain, wincred, winhello, secret-service, kwallet, keyctl) are already gated by GOOS constraints and need no tags. Default builds (no tags) are unaffected. An excluded backend is simply absent from AvailableBackends(), and requesting it explicitly returns ErrNoAvailImpl — the same behavior as a backend that's unavailable on the current platform. The BackendType constants and Config fields are always present, so there is no API change under any tag.

Testing

Vagrant is used to create linux and windows test environments.

# Start vagrant
vagrant up

# Run go tests on all platforms
./bin/go-test

🧰 Contributing

Report issues/questions/feature requests on in the issues section.

Full contributing guidelines are covered here.

Maintainers

Documentation ¶

Overview ¶

Package keyring provides a uniform API over a range of desktop credential storage engines.

Index ¶

Examples ¶

Constants ¶

View Source 
const (
	KEYCTL_PERM_VIEW    = uint32(1 << 0)
	KEYCTL_PERM_READ    = uint32(1 << 1)
	KEYCTL_PERM_WRITE   = uint32(1 << 2)
	KEYCTL_PERM_SEARCH  = uint32(1 << 3)
	KEYCTL_PERM_LINK    = uint32(1 << 4)
	KEYCTL_PERM_SETATTR = uint32(1 << 5)
	KEYCTL_PERM_ALL     = uint32((1 << 6) - 1)

	KEYCTL_PERM_OTHERS  = 0
	KEYCTL_PERM_GROUP   = 8
	KEYCTL_PERM_USER    = 16
	KEYCTL_PERM_PROCESS = 24
)
View Source 
const (
	OPEnvVaultID            = "OP_VAULT_ID"
	OPItemFieldTitle        = "keyring"
	OPItemTag               = "keyring"
	OPItemTitlePrefix       = "keyring"
	OPItemTitlePrefixKeySep = ": "
)

Environment variable names and item naming conventions shared by the 1Password backends.

View Source 
const (
	OPConnectEnvHost       = "OP_CONNECT_HOST"
	OPConnectEnvToken      = "OP_CONNECT_TOKEN"
	OPConnectItemCategory  = connectop.ApiCredential
	OPConnectItemFieldType = connectop.FieldTypeConcealed
)

Environment variable names and item conventions for the 1Password Connect backend.

View Source 
const (
	OPStandardIntegrationName    = "keyring"
	OPStandardIntegrationVersion = "v1.0.0"
	OPStandardItemCategory       = onepassword.ItemCategoryAPICredentials
	OPStandardItemFieldType      = onepassword.ItemFieldTypeConcealed
)

Integration metadata and item conventions for onepassword-sdk-go based backends.

View Source 
const (
	OPDesktopEnvAccountID = "OP_DESKTOP_ACCOUNT_ID"
)

OPDesktopEnvAccountID is the environment variable holding the 1Password Desktop account ID.

View Source 
const (
	OPSrvAccountEnvToken = "OP_SERVICE_ACCOUNT_TOKEN"
)

OPSrvAccountEnvToken is the environment variable holding the 1Password Service Accounts token.

Variables ¶

View Source 
var (
	ErrEnvUnsetOrEmpty = errors.New("environment variable unset or empty")
	OPErrClient        = errors.New(
		"unable to create a 1Password Connect / Service Accounts / Desktop Integration client",
	)
	OPErrItemMultiple       = errors.New("found multiple matching 1Password items")
	OPErrItemTitleDuplicate = errors.New("found duplicate 1Password item title")
	OPErrKeyring            = errors.New(
		"unable to create a 1Password Connect / Service Accounts / Desktop Integration keyring",
	)
	OPErrTokenFuncNil = fmt.Errorf("%w: Token function is nil", OPErrClient)
	OPErrVaultID      = fmt.Errorf("%w: %w: %#v", OPErrKeyring, ErrEnvUnsetOrEmpty, OPEnvVaultID)
)

Errors shared by the 1Password backends.

View Source 
var (
	OPConnectErrHost = fmt.Errorf(
		"%w: %w: %#v",
		OPConnectErrKeyring,
		ErrEnvUnsetOrEmpty,
		OPConnectEnvHost,
	)
	OPConnectErrKeyring = errors.New("unable to create a 1Password Connect keyring")
)

Errors returned by the 1Password Connect backend.

View Source 
var (
	OPDesktopErrAccountID = fmt.Errorf(
		"%w: %w: %#v",
		OPDesktopErrKeyring,
		ErrEnvUnsetOrEmpty,
		OPDesktopEnvAccountID,
	)

	OPDesktopErrClient    = errors.New("unable to create a 1Password Desktop client")
	OPDesktopErrKeyring   = errors.New("unable to create a 1Password Desktop keyring")
	OPDesktopErrNewClient = fmt.Errorf(
		"%w: onepassword.NewClient returned an error",
		OPDesktopErrClient,
	)
	OPDesktopErrTimeout = fmt.Errorf(
		"%w: Timeout must be a non-zero duration",
		OPDesktopErrKeyring,
	)
)

Errors returned by the 1Password Desktop Integration backend.

View Source 
var (
	OPSrvAccountErrClient    = errors.New("unable to create a 1Password Service Accounts client")
	OPSrvAccountErrKeyring   = errors.New("unable to create a 1Password Service Accounts keyring")
	OPSrvAccountErrNewClient = fmt.Errorf(
		"%w: onepassword.NewClient returned an error",
		OPSrvAccountErrClient,
	)
	OPSrvAccountErrTimeout = fmt.Errorf(
		"%w: Timeout must be a non-zero duration",
		OPSrvAccountErrKeyring,
	)
)

Errors returned by the 1Password Service Accounts backend.

View Source 
var (
	// Debug specifies whether to print debugging output.
	Debug bool
)
View Source 
var ErrKeyNotFound = errors.New("the specified item could not be found in the keyring")

ErrKeyNotFound is returned by Keyring Get when the item is not on the keyring.

View Source 
var ErrMetadataNeedsCredentials = errors.New("the keyring backend requires credentials for metadata access")

ErrMetadataNeedsCredentials is returned when Metadata is called against a backend which requires credentials even to see metadata.

View Source 
var ErrMetadataNotSupported = errors.New("the keyring backend does not support metadata access")

ErrMetadataNotSupported is returned when Metadata is not available for the backend.

View Source 
var ErrNoAvailImpl = errors.New("specified keyring backend not available")

ErrNoAvailImpl is returned by Open when a backend cannot be found.

Functions ¶

func ExpandTilde ¶ 

func ExpandTilde(dir string) (string, error)

ExpandTilde will expand tilde (~/ and/or ~\ depending on OS) for the user home directory.

func GetKeyringIDForScope ¶ 

func GetKeyringIDForScope(scope string) (int32, error)

GetKeyringIDForScope get the keyring ID for a given scope.

func GetPermissions ¶ 

func GetPermissions(process, user, group, others uint32) uint32

GetPermissions constructs the permission mask from the elements.

func TerminalPrompt ¶ 

func TerminalPrompt(prompt string) (string, error)

TerminalPrompt prompts the user for a password on the terminal.

Types ¶

type ArrayKeyring ¶ 

type ArrayKeyring struct {
	// contains filtered or unexported fields
}

ArrayKeyring is a mock/non-secure backend that meets the Keyring interface. It is intended to be used to aid unit testing of code that relies on the package. NOTE: Do not use in production code.

func NewArrayKeyring ¶ 

func NewArrayKeyring(initial []Item) *ArrayKeyring

NewArrayKeyring returns an ArrayKeyring, optionally constructed with an initial slice of items.

func (*ArrayKeyring) Get ¶ 

func (k *ArrayKeyring) Get(key string) (Item, error)

Get returns an Item matching Key.

func (*ArrayKeyring) GetMetadata ¶ 

func (k *ArrayKeyring) GetMetadata(_ string) (Metadata, error)

GetMetadata returns the non-secret parts of an Item.

func (*ArrayKeyring) Keys ¶ 

func (k *ArrayKeyring) Keys() ([]string, error)

Keys provides a slice of all Item keys on the Keyring.

func (*ArrayKeyring) Remove ¶ 

func (k *ArrayKeyring) Remove(key string) error

Remove will delete an Item from the Keyring.

func (*ArrayKeyring) Set ¶ 

func (k *ArrayKeyring) Set(i Item) error

Set will store an item on the mock Keyring.

type BackendType ¶ 

type BackendType string

BackendType is an identifier for a credential storage service. 

const (
	InvalidBackend       BackendType = ""
	SecretServiceBackend BackendType = "secret-service"
	KeychainBackend      BackendType = "keychain"
	KeyCtlBackend        BackendType = "keyctl"
	KWalletBackend       BackendType = "kwallet"
	WinCredBackend       BackendType = "wincred"
	WinHelloBackend      BackendType = "winhello"
	FileBackend          BackendType = "file"
	PassBackend          BackendType = "pass"
	PassageBackend       BackendType = "passage"
	OPBackend            BackendType = "op"
	OPConnectBackend     BackendType = "op-connect"
	OPDesktopBackend     BackendType = "op-desktop"
)

All currently supported secure storage backends.

func AvailableBackends ¶ 

func AvailableBackends() []BackendType

AvailableBackends provides a slice of all available backend keys on the current OS.

type Config ¶ 

type Config struct {
	// AllowedBackends is a whitelist of backend providers that can be used. Nil means all available.
	AllowedBackends []BackendType

	// ServiceName is a generic service name that is used by backends that support the concept
	ServiceName string

	// MacOSKeychainNameKeychainName is the name of the macOS keychain that is used
	KeychainName string

	// KeychainTrustApplication is whether the calling application should be trusted by default by items
	KeychainTrustApplication bool

	// KeychainSynchronizable is whether the item can be synchronized to iCloud
	KeychainSynchronizable bool

	// KeychainAccessibleWhenUnlocked is whether the item is accessible when the device is locked
	KeychainAccessibleWhenUnlocked bool

	// KeychainPasswordFunc is an optional function used to prompt the user for a password
	KeychainPasswordFunc PromptFunc

	// FilePasswordFunc is a required function used to prompt the user for a password
	FilePasswordFunc PromptFunc

	// FileDir is the directory that keyring files are stored in, ~/ is resolved to the users' home dir
	FileDir string

	// KeyCtlScope is the scope of the kernel keyring (either "user", "session", "process" or "thread")
	KeyCtlScope string

	// KeyCtlPerm is the permission mask to use for new keys
	KeyCtlPerm uint32

	// KWalletAppID is the application id for KWallet
	KWalletAppID string

	// KWalletFolder is the folder for KWallet
	KWalletFolder string

	// LibSecretCollectionName is the name collection in secret-service
	LibSecretCollectionName string

	// PassDir is the pass password-store directory, ~/ is resolved to the users' home dir
	PassDir string

	// PassCmd is the name of the pass executable
	PassCmd string

	// PassPrefix is a string prefix to prepend to the item path stored in pass
	PassPrefix string

	// WinCredPrefix is a string prefix to prepend to the key name
	WinCredPrefix string

	// UseBiometrics is whether to use biometrics (where available) to unlock the keychain
	UseBiometrics bool

	// TouchIDAccount is the name of the account that we store the unlock password in keychain
	TouchIDAccount string

	// TouchIDService is the name of the service that we store the unlock password in keychain
	TouchIDService string

	// OPTimeout is the timeout for 1Password API operations (1Password Service Accounts only)
	OPTimeout time.Duration

	// OPVaultID is the UUID of the 1Password vault
	OPVaultID string

	// OPItemTitlePrefix is the prefix to prepend to 1Password item titles
	OPItemTitlePrefix string

	// OPItemTag is the tag to apply to 1Password items
	OPItemTag string

	// OPItemFieldTitle is the title of the 1Password item field
	OPItemFieldTitle string

	// OPConnectHost is the 1Password Connect server HTTP(S) URI
	OPConnectHost string

	// OPConnectTokenEnv is the primary environment variable from which to look up the 1Password Connect token
	OPConnectTokenEnv string

	// OPTokenEnv is the primary environment variable from which to look up the 1Password service account token
	OPTokenEnv string

	// OPTokenFunc is the function used to prompt the user for the 1Password Connect / service account token
	OPTokenFunc PromptFunc

	// OPDesktopAccountID is the 1Password account name or UUIDj for Desktop Integration (1Password Desktop App only)
	OPDesktopAccountID string
}

Config contains configuration for keyring.

type Item ¶ 

type Item struct {
	Key         string
	Data        []byte
	Label       string
	Description string

	// Backend specific config
	KeychainNotTrustApplication bool
	KeychainNotSynchronizable   bool
}

Item is a thing stored on the keyring.

type Keyring ¶ 

type Keyring interface {
	// Returns an Item matching the key or ErrKeyNotFound
	Get(key string) (Item, error)
	// Returns the non-secret parts of an Item
	GetMetadata(key string) (Metadata, error)
	// Stores an Item on the keyring
	Set(item Item) error
	// Removes the item with matching key
	Remove(key string) error
	// Provides a slice of all keys stored on the keyring
	Keys() ([]string, error)
}

Keyring provides the uniform interface over the underlying backends.

func Open ¶ 

func Open(cfg Config) (Keyring, error)

Open will open a specific keyring backend.

Example ¶ 
package main

import (
	"log"

	"github.com/byteness/keyring"
)

func main() {
	// Use the best keyring implementation for your operating system
	kr, err := keyring.Open(keyring.Config{
		ServiceName:    "my-service",
		UseBiometrics:  true,
		TouchIDAccount: "cc.byteness.aws-vault.biometrics",
		TouchIDService: "aws-vault",
	})
	if err != nil {
		log.Fatal(err)
	}

	v, err := kr.Get("llamas")
	if err != nil {
		log.Fatal(err)
	}

	log.Printf("llamas was %v", v)
}

type Metadata ¶ 

type Metadata struct {
	*Item
	ModificationTime time.Time
}

Metadata is information about a thing stored on the keyring; retrieving metadata must not require authentication. The embedded Item should be filled in with an empty Data field. It's allowed for Item to be a nil pointer, indicating that all we have is the timestamps.

type OPBaseKeyring ¶ added in v1.4.0 

type OPBaseKeyring struct {
	VaultID         string
	ItemTitlePrefix string
	ItemTag         string
	ItemFieldTitle  string
	TokenEnvs       []string
	TokenFunc       PromptFunc
}

OPBaseKeyring holds the configuration common to all 1Password backends.

func (*OPBaseKeyring) GetItemFromOPItemFieldValue ¶ added in v1.4.0 

func (k *OPBaseKeyring) GetItemFromOPItemFieldValue(opItemFieldValue string) (*Item, error)

GetItemFromOPItemFieldValue unmarshals a 1Password item field value into an Item.

func (*OPBaseKeyring) GetKeyFromOPItemTitle ¶ added in v1.4.0 

func (k *OPBaseKeyring) GetKeyFromOPItemTitle(opItemTitle string) string

GetKeyFromOPItemTitle derives the keyring key from a 1Password item title.

func (*OPBaseKeyring) GetOPItemFieldValueFromItem ¶ added in v1.4.0 

func (k *OPBaseKeyring) GetOPItemFieldValueFromItem(item *Item) (string, error)

GetOPItemFieldValueFromItem marshals an Item into a 1Password item field value.

func (*OPBaseKeyring) GetOPItemTitleFromKey ¶ added in v1.4.0 

func (k *OPBaseKeyring) GetOPItemTitleFromKey(key string) string

GetOPItemTitleFromKey derives the 1Password item title from a keyring key.

func (*OPBaseKeyring) GetOPToken ¶ added in v1.4.0 

func (k *OPBaseKeyring) GetOPToken(prompt string) (string, error)

GetOPToken returns the 1Password token from the configured environment variables, falling back to prompting via TokenFunc.

type OPConnectClientAPI ¶ added in v1.4.0 

type OPConnectClientAPI interface {
	CreateItem(item *connectop.Item, vaultQuery string) (*connectop.Item, error)
	DeleteItemByID(itemUUID string, vaultQuery string) error
	GetItemByUUID(uuid string, vaultQuery string) (*connectop.Item, error)
	GetItems(vaultQuery string) ([]connectop.Item, error)
	GetItemsByTitle(title string, vaultQuery string) ([]connectop.Item, error)
	UpdateItem(item *connectop.Item, vaultQuery string) (*connectop.Item, error)
}

OPConnectClientAPI is the subset of the 1Password Connect client used by this backend.

type OPConnectKeyring ¶ added in v1.4.0 

type OPConnectKeyring struct {
	OPBaseKeyring
	Host   string
	Client OPConnectClientAPI
}

OPConnectKeyring implements the Keyring interface for 1Password Connect.

func NewOPConnectKeyring ¶ added in v1.4.0 

func NewOPConnectKeyring(cfg *Config) (*OPConnectKeyring, error)

NewOPConnectKeyring creates a new 1Password Connect keyring.

func (OPConnectKeyring) Get ¶ added in v1.4.0 

func (k OPConnectKeyring) Get(key string) (Item, error)

Get returns the Item matching the given key, or ErrKeyNotFound.

func (OPConnectKeyring) GetMetadata ¶ added in v1.4.0 

func (k OPConnectKeyring) GetMetadata(_ string) (Metadata, error)

GetMetadata returns the non-secret parts of an Item.

func (*OPConnectKeyring) GetOPItem ¶ added in v1.4.0 

func (k *OPConnectKeyring) GetOPItem(key string) (*onepassword.Item, error)

GetOPItem returns the 1Password item matching the given key.

func (*OPConnectKeyring) GetOPItems ¶ added in v1.4.0 

func (k *OPConnectKeyring) GetOPItems() ([]onepassword.Item, error)

GetOPItems returns all keyring items from the configured vault.

func (*OPConnectKeyring) InitializeOPConnectClient ¶ added in v1.4.0 

func (k *OPConnectKeyring) InitializeOPConnectClient() error

InitializeOPConnectClient initializes the 1Password Connect client if needed.

func (OPConnectKeyring) Keys ¶ added in v1.4.0 

func (k OPConnectKeyring) Keys() ([]string, error)

Keys returns a slice of all keys stored on the keyring.

func (*OPConnectKeyring) PruneAndHydrateOPItemOverviews ¶ added in v1.4.0 

func (k *OPConnectKeyring) PruneAndHydrateOPItemOverviews(
	opConnectItemOverviews []connectop.Item,
) ([]onepassword.Item, error)

PruneAndHydrateOPItemOverviews filters item overviews down to keyring items and fetches their full contents.

func (OPConnectKeyring) Remove ¶ added in v1.4.0 

func (k OPConnectKeyring) Remove(key string) error

Remove deletes the item with the matching key.

func (OPConnectKeyring) Set ¶ added in v1.4.0 

func (k OPConnectKeyring) Set(item Item) error

Set creates or updates an Item.

type OPDesktopKeyring ¶ added in v1.5.0 

type OPDesktopKeyring struct {
	OPStandardKeyring
	DesktopAccountID string
	// contains filtered or unexported fields
}

OPDesktopKeyring implements Keyring interface for 1Password Desktop Integration

func NewOPDesktopKeyring ¶ added in v1.5.0 

func NewOPDesktopKeyring(cfg *Config) (*OPDesktopKeyring, error)

NewOPDesktopKeyring creates a new 1Password Desktop Integration keyring.

func (*OPDesktopKeyring) Get ¶ added in v1.5.0 

func (k *OPDesktopKeyring) Get(key string) (Item, error)

Get retrieves an item by key

func (*OPDesktopKeyring) GetMetadata ¶ added in v1.5.0 

func (k *OPDesktopKeyring) GetMetadata(key string) (Metadata, error)

GetMetadata returns metadata for a key

func (*OPDesktopKeyring) InitializeClient ¶ added in v1.5.0 

func (k *OPDesktopKeyring) InitializeClient() error

InitializeClient initializes the Desktop Integration client

func (*OPDesktopKeyring) Keys ¶ added in v1.5.0 

func (k *OPDesktopKeyring) Keys() ([]string, error)

Keys returns all keys in the keyring

func (*OPDesktopKeyring) Remove ¶ added in v1.5.0 

func (k *OPDesktopKeyring) Remove(key string) error

Remove deletes an item by key

func (*OPDesktopKeyring) Set ¶ added in v1.5.0 

func (k *OPDesktopKeyring) Set(item Item) error

Set creates or updates an item

type OPKeyringAPI ¶ added in v1.4.0 

type OPKeyringAPI interface {
	Keyring
	GetItemFromOPItemFieldValue(opItemFieldValue string) (*Item, error)
	GetKeyFromOPItemTitle(opItemTitle string) string
	GetOPItem(key string) (*onepassword.Item, error)
	GetOPItemFieldValueFromItem(item *Item) (string, error)
	GetOPItems() ([]onepassword.Item, error)
	GetOPItemTitleFromKey(key string) string
	GetOPToken(prompt string) (string, error)
}

OPKeyringAPI is the interface implemented by the 1Password backends.

type OPSrvAccountKeyring ¶ added in v1.5.0 

type OPSrvAccountKeyring struct {
	OPStandardKeyring
	// contains filtered or unexported fields
}

OPSrvAccountKeyring implements Keyring interface for 1Password Service Accounts

func NewOPSrvAccountKeyring ¶ added in v1.5.0 

func NewOPSrvAccountKeyring(cfg *Config) (*OPSrvAccountKeyring, error)

NewOPSrvAccountKeyring creates a new Service Account keyring

func (*OPSrvAccountKeyring) Get ¶ added in v1.5.0 

func (k *OPSrvAccountKeyring) Get(key string) (Item, error)

Get retrieves an item by key

func (*OPSrvAccountKeyring) GetMetadata ¶ added in v1.5.0 

func (k *OPSrvAccountKeyring) GetMetadata(key string) (Metadata, error)

GetMetadata returns metadata for a key

func (*OPSrvAccountKeyring) InitializeClient ¶ added in v1.5.0 

func (k *OPSrvAccountKeyring) InitializeClient() error

InitializeClient initializes the Service Account client

func (*OPSrvAccountKeyring) Keys ¶ added in v1.5.0 

func (k *OPSrvAccountKeyring) Keys() ([]string, error)

Keys returns all keys in the keyring

func (*OPSrvAccountKeyring) Remove ¶ added in v1.5.0 

func (k *OPSrvAccountKeyring) Remove(key string) error

Remove deletes an item by key

func (*OPSrvAccountKeyring) Set ¶ added in v1.5.0 

func (k *OPSrvAccountKeyring) Set(item Item) error

Set creates or updates an item

type OPStandardClientAPI ¶ added in v1.4.0 

type OPStandardClientAPI interface {
	Create(ctx context.Context, params onepassword.ItemCreateParams) (onepassword.Item, error)
	Delete(ctx context.Context, vaultID string, itemID string) error
	Get(ctx context.Context, vaultID string, itemID string) (onepassword.Item, error)
	List(
		ctx context.Context,
		vaultID string,
		filters ...onepassword.ItemListFilter,
	) ([]onepassword.ItemOverview, error)
	Put(ctx context.Context, item onepassword.Item) (onepassword.Item, error)
}

OPStandardClientAPI is the subset of the onepassword-sdk-go items client used by these backends.

type OPStandardKeyring ¶ added in v1.4.0 

type OPStandardKeyring struct {
	OPBaseKeyring
	Timeout time.Duration
	Client  OPStandardClientAPI
}

OPStandardKeyring contains shared logic for all onepassword-sdk-go based backends

func (OPStandardKeyring) Get ¶ added in v1.4.0 

func (k OPStandardKeyring) Get(key string) (Item, error)

Get returns the Item matching the given key, or ErrKeyNotFound.

func (OPStandardKeyring) GetMetadata ¶ added in v1.4.0 

func (k OPStandardKeyring) GetMetadata(_ string) (Metadata, error)

GetMetadata returns the non-secret parts of an Item.

func (*OPStandardKeyring) GetOPItem ¶ added in v1.4.0 

func (k *OPStandardKeyring) GetOPItem(key string) (*onepassword.Item, error)

GetOPItem returns the 1Password item matching the given key.

func (*OPStandardKeyring) GetOPItems ¶ added in v1.4.0 

func (k *OPStandardKeyring) GetOPItems() ([]onepassword.Item, error)

GetOPItems returns all keyring items from the configured vault.

func (OPStandardKeyring) Keys ¶ added in v1.4.0 

func (k OPStandardKeyring) Keys() ([]string, error)

Keys returns a slice of all keys stored on the keyring.

func (OPStandardKeyring) Remove ¶ added in v1.4.0 

func (k OPStandardKeyring) Remove(key string) error

Remove deletes the item with the matching key.

func (OPStandardKeyring) Set ¶ added in v1.4.0 

func (k OPStandardKeyring) Set(item Item) error

Set creates or updates an Item.

type PromptFunc ¶ 

type PromptFunc func(string) (string, error)

PromptFunc is a function used to prompt the user for a password.

func FixedStringPrompt ¶ 

func FixedStringPrompt(value string) PromptFunc

FixedStringPrompt returns a PromptFunc that always returns the given value.

Source Files ¶

View all Source files

Directories ¶

Path Synopsis
cmd
keyring command
Command keyring is a simple CLI for inspecting keyring backends.
 Command keyring is a simple CLI for inspecting keyring backends.
Package winhello implements a keyring backend backed by Windows Hello.
 Package winhello implements a keyring backend backed by Windows Hello.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.