Documentation
Overview
Package keychain is the optional OS-keychain backend for gitlab.com/phpboyscout/go-tool-base/pkg/credentials. Importing this package (even as a blank import) registers a go-keyring-backed implementation of credentials.Backend at init time, so any credential calls that follow route through the platform keychain: macOS Keychain, Linux Secret Service (GNOME Keyring, KWallet) via godbus, Windows Credential Manager via danieljoos/wincred.
The package carries the go-keyring dependency chain, so tools that must run without session-bus / keychain IPC (regulated builds, air-gapped deployments) simply omit the blank import from their cmd package. Go's linker dead-code elimination keeps go-keyring, godbus, and wincred out of their binary, which is verifiable via any SBOM tool that inspects the linked artefact. The same mechanism applies to cmd/gtb: delete cmd/gtb/keychain.go to ship a keychain-free gtb.
Types
type Backend
type Backend struct{}
Backend implements credentials.Backend against the OS keychain via github.com/zalando/go-keyring. Its zero value is usable.
func (Backend) Available
Available reports true — importing this subpackage is the caller's declaration that they want keychain-capable behaviour. The live "does it actually work right now" check is credentials.Probe.
func (Backend) Delete
Delete removes a secret. Idempotent: returns nil when the entry does not exist. Only real failures surface as errors.
func (Backend) Retrieve
Retrieve reads a secret. Returns credentials.ErrCredentialNotFound when the backend is functional but no entry exists for the pair — resolvers use this specific sentinel to decide whether to fall through. Other failures wrap the underlying error. Context is accepted for interface uniformity; see Store for the caveat.
func (Backend) Store
Store writes a secret under the given service/account pair. Overwrites any existing entry. Neither argument is logged — callers may pass them to DEBUG log surfaces safely. Context is accepted for interface uniformity but ignored: go-keyring's underlying platform APIs (Keychain Services, Secret Service over D-Bus, Windows Credential Manager) do not expose cancellation. Callers needing a deadline on misbehaving local IPC should run this in a goroutine and drop the result when the context fires.
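The goroutine-and-drop pattern recommended for Store, as an added example that is not part of the package's own code. `withDeadline` and `slowStore` are hypothetical names; the `func() error` closure stands in for a call to Backend.Store, whose exact signature is not shown on this page.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// withDeadline (hypothetical helper) runs a blocking keychain operation and
// returns as soon as either the operation finishes or ctx fires.
func withDeadline(ctx context.Context, op func() error) error {
	// Buffered so the goroutine can always deliver its result and exit,
	// even after the caller has stopped listening. Unbuffered would leak it.
	done := make(chan error, 1)
	go func() { done <- op() }()

	select {
	case err := <-done:
		return err
	case <-ctx.Done():
		// The operation is NOT cancelled; only its result is dropped.
		// It may still complete in the background.
		return fmt.Errorf("keychain operation abandoned: %w", ctx.Err())
	}
}

// slowStore is a constructed stand-in for a Store call stuck on local IPC.
func slowStore(d time.Duration, result error) func() error {
	return func() error {
		time.Sleep(d)
		return result
	}
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 50*time.Millisecond)
	defer cancel()
	err := withDeadline(ctx, slowStore(time.Second, nil))
	fmt.Println(errors.Is(err, context.DeadlineExceeded), err)

	err = withDeadline(context.Background(), slowStore(time.Millisecond, nil))
	fmt.Println(err)
}
```

Because the platform call cannot be cancelled, a timed-out write may still land later; treat the entry's state as unknown after a deadline error and re-read it before relying on it.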