Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Swap from keyring to using
security
directly for debug builds.
This isn't *great*, but it does significantly improve local developer ergonomics. Prior to this change, things worked just fine (WRT the keychain parts), but the ergonomics kinda sucked. This is because, by default, only the application that writes the keychain entry is allowed to read from it. So what would happen during development is that you'd compile, go through the oauth device flow then realize you have to fix some bug, fix the bug, then try to run the application again: 💥 macOS password prompt. The changes here in this commit work around the issue by using `security` (the macOS built-in CLI for handling this stuff). That results in the keychain entry always being read/written by a stable binary so debug builds/re-builds don't have issue. The downside here, is that "anyone" that can execute `security` can read the password. For what it's worth, this is exactly what `gh` does. See some references below: - cli/cli#7043 - https://github.com/zalando/go-keyring - cli/cli#7123 - cli/cli#7023 (comment)
- Loading branch information