#credentials #cross-platform #user-service #store #search #secret #password-manager

keyring-search

Cross-platform library for searching the platform specific credential store, made possible by keyring-rs

10 releases (6 stable)

1.2.1 Jun 27, 2024
1.2.0 Jun 25, 2024
0.2.2 May 22, 2024
0.1.0 May 21, 2024

#129 in Authentication


Used in konpeito

MIT/Apache

81KB
1.5K SLoC

Keyring-search v1

build dependencies crates.io docs.rs

Usage

To use this library in your project add the following to your Cargo.toml file:

[dependencies]
keyring-search = "1"

This is a cross-platform library for searching the platform specific keystore.

Currently supported platforms are Linux, Windows, macOS, and iOS.

Design

This crate, originally planned as a feature for keyring provides a broad search of the platform specific keystores based on user provided search parameters.

Windows

Windows machines have the option to search by 'user', 'service', or 'target'.

use keyring_search::{Search, Limit, List};

let result = Search::new()
    .expect("ERROR")
    .by_user("test-user");
let list = List::list_credentials(result, Limit::All)
    .expect("Error");

println!("{}", list);

Linux - Secret Service

If using the Linux Secret Service platform, the keystore is stored as a HashMap, and thus is more liberal with the keys that can be searched. Using the different search functions will search for those keys, with the exception of by_target searching for the key application. For more control over the by parameter, call the platform specific search_items.

use keyring_search::{Search, Limit, List};

let result = Search::new()
    .expect("ERROR")
    .by_user("test-user");
let list = List::list_credentials(result, Limit::All)
    .expect("Error");

println!("{}", list);

Linux - Keyutils

If using the Linux Keyutils platform, the keystore is non persistent and is used more as a secure cache. To utilize search of any keyring, call this function directly. The generic platform independent search defaults to the session keyring and ignores the by parameter. To customize the search for other keyrings besides session use search_by_keyring located in the keyutils module.

use keyring_search::{Search, Limit, List};

let result = Search::new()
    .expect("ERROR")
    .by_user("test-user@test-service");
let list = List::list_credentials(result, Limit::All)
    .expect("Error");

println!("{}", list);

MacOS

MacOS machines have the option to search by 'account', 'service', or 'label. by_user searches by account by_target searches by label by_service searches by service

use keyring_search::{Search, Limit, List};

let result = Search::new()
    .expect("ERROR")
    .by_user("test-user");
let list = List::list_credentials(result, Limit::All)
    .expect("Error");

println!("{}", list);

Errors

SearchError returns due to any error encountered while creating or performing a search, either due to regex, formatting, or construction of search. NoResults returns when no results are found. Unexpected returns when an unexpected parameter is passed to or returned from a function.

Examples

A working CLI application is bundled in the examples Default: cargo run --example cli (defaults to by target, requires a query entered at startup) By user:

cargo run --example cli -- --user test-user

By service:

cargo run --example cli -- --service test-service

By target:

cargo run --example cli -- --target test-target

Appending the subcommand limit to the end of any of these followed by a number will limit results to that amount.

cargo run --example cli -- --target test-target limit 2

Without the limit argument, the search defaults to displaying all results, although it is not necessary passing all gives the same result.

cargo run --example cli -- --target test-target all

The iOS module does not search the iCloud keychain used to store passwords. Instead it searches the app container for credentials. To build library for iOS use:

cargo lipo --manifest-path examples/ios/rs/Cargo.toml --release

in the project directory. This should be linked within the project already. Although the article is older and not all architectures outlined are still in use, information about building rust for iOS can be found here: rust on ios. It is worth noting the iOS application only simulates credential searching, by creating a credential when the search button is pressed. To get results, select 'user' and enter 'testAccount' then press the search button ('service' and 'testService' will also work) to see this functionality.

Client Testing

Basic tests for the search platform.

Platforms

MacOS, Windows, iOS, Linux-Keyutils/Secret Service

License

Licensed under either

at your option.

Dependencies

~0–13MB
~156K SLoC