Closed marekvospel closed 5 months ago
marekvospel
commented
1 year ago It also seems like there is some accounts integration https://github.com/KDE/kaccounts-integration, which at least looks simillar to android's accounts settings, and eventhough I'm not 100% sure, I think those passwords are stored inside the secrets application.
JonasKruckenberg
commented
1 year ago So elk doesn't actually store any user passwords, it actually never gets to see either the email or password. The only thing elk gets to hold onto is an oauth token. And I guess storing that in a more secure place than just in a KV store on disk like right now might not hurt, but I don't know if that is what you had in mind?
marekvospel
commented
1 year ago So elk doesn't actually store any user passwords, it actually never gets to see either the email or password. The only thing elk gets to hold onto is an oauth token. And I guess storing that in a more secure place than just in a KV store on disk like right now might not hurt, but I don't know if that is what you had in mind?
Yes, that is exatly what I mean.
JonasKruckenberg
commented
5 months ago Hey! Just letting you know that elk-native is no longer maintained, much of the team has moved on or is busy with other projects (there's only so much time in a day 😅), so this issue will likely not be fixed. Please use the actively maintained elk PWA instead.
Thanks so much for your support and understanding so far! ❤️
On linux, there are many apps (such as kdewallet5 or gnome keyring), that provide
org.freedesktop.secrets, so apps can ask them for passwords, login tokens etc, which these apps usually store in some encrypted way.This basically functions like password manager, you login with a master password to decrypt the keyring and all other services can use different passwords, which you don't have to remember.
I've created this issue to track the progress, as I plan to implement this, but it's going to take me some time. (due to needed research, falling back to filesystem storage etc.)
I'm also not aware of whether those APIs exist on windows & macos, so this issue can also be used for discussion about implementing this on windows and macos.