Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider storing certificate and key in OS X Keychain #3271

Open
calmh opened this issue Jun 6, 2016 · 3 comments
Open

Consider storing certificate and key in OS X Keychain #3271

calmh opened this issue Jun 6, 2016 · 3 comments
Labels
enhancement New features or improvements of some kind, as opposed to a problem (bug)

Comments

@calmh
Copy link
Member

calmh commented Jun 6, 2016

On OS X at least, the system keychain is a secure way to store secrets. Secure in that it's encrypted at rest but transparently accessible to the application when the user has logged in and authenticated.

(Probably Windows has some equivalent.)
@calmh calmh added the enhancement New features or improvements of some kind, as opposed to a problem (bug) label Jun 6, 2016
@calmh calmh added this to the Unplanned (Contributions Welcome) milestone Jun 6, 2016
@calmh calmh changed the title Considering storing certificate and key in OS X Keychain Consider storing certificate and key in OS X Keychain Jun 6, 2016
@canton7
Copy link
Member

canton7 commented Jun 6, 2016

Make sure we consider multiple syncthing instances on the same machine, and instances installed on portable media.

@Avamander
Copy link

On most Linux distros there is some kind of keychain where the secrets could be stored.

@Ferroin
Copy link

Ferroin commented Jun 27, 2016

Other things to consider:

  1. Windows has such an interface too.
  2. On at least Linux, accessing the key-ring is dependent on running in a user session, not just under that particular username. Mandating this for storage would make it impossible to run Syncthing as a daemon at system startup on Linux.
  3. Both Windows and Linux prompt the user for credentials to access things on their key-ring.

@calmh calmh removed this from the Unplanned (Contributions Welcome) milestone Feb 11, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New features or improvements of some kind, as opposed to a problem (bug)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@calmh @canton7 @Ferroin @Avamander