The idea is to add a simple secrets key/value store interface that supports multiple backends so Behive can load and store secrets safely.
Why would that be useful?
To be able to store beehive's encrypted configuration secret (see https://github.com/muesli/beehive/pull/295) without requiring an environment variable or the password hardcoded in the URL string. The config would then be decrypted when Beehive boots using the password stored in the OS specific desktop session keyring if available.
If an encrypted configuration is not used, this would provide a safer alternative, where bees can mark certain configuration properties as secrets (i.e. a Slack token for example) and beehive would store it in the keyring, instead of writing it to the plain text JSON file when saving the config.
Ideas
I've been toying with https://github.com/99designs/keyring. Simple API and with all the backends we'd probably need for somethig like this already implemented.
The idea is to add a simple secrets key/value store interface that supports multiple backends so Behive can load and store secrets safely.
Why would that be useful?
Ideas
I've been toying with https://github.com/99designs/keyring. Simple API and with all the backends we'd probably need for somethig like this already implemented.