Keychain.app

[stuffmc]

It would be awesome if Alpha would integrate a little Keychain.app like the Mac app, with all the keys being in the Sandbox of the app, with ability to delete or modify or add.

[OdNairy]

Sounds like an valuable plugin. I'm gonna implement it when some heap plugin fixes will be done. @Legoless Is idea of plugin acceptable for Alpha framework?

[Legoless]

Yeah, this definitely works as an plugin.

[OdNairy]

@Legoless Isn't 0.4.0 too far for this simple plugin? We have some volume issues on 0.3.0.

[Legoless]

Yeah, that is why I moved this into 0.4.0, but it can be implemented earlier as well.

[OdNairy]

@stuffmc Can you provide short list of requirement features for keychain plugin? It will significantly boost plugin development.

[stuffmc]

• Display the list of Keychain Items (keys) in a TableView • Tap to show the password — probably by entering TouchID • Swipe to Delete

That's a good start. Later you can add "Add a new Keychain Item", but start with Display & Delete first, which is why I need and can test. I don't actually need "Show the password" at first, if you want to prioritise.

[OdNairy]

Should we allow secure data changing?

[stuffmc]

I don't care about this for now :) but yeah, it's obviously on the road map later. For now, the fastest you give a list of keys (I don't need to see the password) and swipe to delete, the better :)

[Legoless]

I wouldn't make Touch ID for showing the password (touch to show is okay, but even so not necessary) - maybe later to access entire Alpha interface, to lock it for other testers if so required. But that's still far in the future.

[OdNairy]

There are no reason to request TouchID since application can directly provide you keys. There are a lot of security mechanism in iOS and about 14 general keys to provide filesystem security (plus a great bunch of keys for each file, etc.). If we can bypass all this guards we shouldn't request the same security layer we passed before. Another question is should we provide access to this plugin remotely?

[Legoless]

Yes, we should provide it remotely for now, or add an option for developer to switch remote access off. Which should be available for all plugins anyway.

[OdNairy]

It's a security vulnerability, isn't it? I think we should disable remote access by default since most part of users wouldn't use remote feature of Alpha.

[Legoless]

Alpha itself is a security vulnerability if left inside the app. Only meant for testing. But I do agree that remote should be off by default.

[stuffmc]

Touch base... Guys have something?

[OdNairy]

No ups from me. I'm looking for fixing existing staff as the first priority vs new functionality. Feel free to contribute your PL.

[Legoless]

@stuffmc, I've pushed 0.2.7, which has a basic Keychain plugin, read-only for now. Going to add delete, edit and add functionality later. Check it out, if this is something you were looking for.

[stuffmc]

@Legoless Great! Will do as soon as I need it again. Could be anytime in the project I'm busy for now.