fix(keychain): store large blobs on windows#474
Merged
Conversation
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
![docker-agent[bot]](https://avatars.githubusercontent.com/in/2787757?s=60&v=4){kind=small}
joe0BAB
reviewed
Feb 27, 2026
Comment on lines
+376
to
+387
| var rawBlob []byte | ||
| if countStr, ok := gcAttributes[chunkCountKey]; ok { | ||
| count, err := strconv.Atoi(countStr) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("invalid chunk count %q: %w", countStr, err) | ||
| } | ||
| rawBlob, err = k.readChunks(id, count) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| } else { | ||
| rawBlob = gc.CredentialBlob |
Collaborator
There was a problem hiding this comment.
would it make sense to dedupe this? Seeing the same code above.
joe0BAB
reviewed
Feb 27, 2026
| assert.False(t, isChunkCredential([]wincred.CredentialAttribute{})) | ||
| }) | ||
| } | ||
|
|
Collaborator
There was a problem hiding this comment.
Don't we want some more tests that verify Save/Filter/Get/Delete on credentials that need to be chunked work as expected?
Member
Author
There was a problem hiding this comment.
definitely, but i think this is good enough to get this fix in quickly
joe0BAB
approved these changes
Feb 27, 2026
Collaborator
joe0BAB
left a comment
joe0BAB
left a comment
There was a problem hiding this comment.
LGTM, tweaks are non blocking, let's do them in a follow up
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Some credentials - especially auth tokens, can be quite large. On windows the wincred store only supports up to 2560 bytes in length. This solution below chunks the credential into parts and stores those parts alongside the main ID.
Chunked credentials are always skipped when filtering credentials from the store by checking the
chunkCountKeyfrom the "main" credentials metadata.The
safelyCleanMetadafunction removes the attribute when reading the credential from the store.