Support Secret Service

[ModProg]

Secret service is an API usable to access keychains as well as some password managers like KeepassXC etc. through a unified api: https://specifications.freedesktop.org/secret-service/latest/

There is a rust crate to use it: https://lib.rs/crates/secret-service

[soywod]

Sounds a great feature, thanks for the idea!

[soywod]

I gather all Himalaya issues to the same bug tracker, so I transfer your issue here.

[soywod]

Himalaya now supports Secret Service via the keyring crate (only on master branch). For now, it is only used for IMAP password, OAuth 2.0 client secret and OAuth 2.0 access tokens but I plan to use it for everything sensitive. Works great, thank you for the idea!

[kj]

I'm not sure if this is documented anywhere yet, but I had to read through the source code to get this working. So in case it helps anyone else, under Linux you need to store the secret with the attribute service set to pimalaya and the attribute username set to whatever unique name you want to identify the secret with.

To store a secret, something like:

secret-tool store --label='Himalaya (Personal)' service pimalaya username himalaya/personal

-and enter the password when prompted.

Then in your Himalaya config:

imap-auth = 'passwd'
imap-passwd = { keyring = 'himalaya/personal' }

[soywod]

The documentation is not so clear yet, I will work on it. You just need to himalaya account configure: it will ask for your IMAP/SMTP password then store it for you in your global keyring. You don't even need to add imap-passwd.keyring = "himalaya/personal", a default one is generated: {account]-imap-passwd.

[kj]

Ah yes, I just noticed that command after I posted. I still like to configure manually, but good to know the way it's intended. I was curious anyway how the keyring actually works, so it gave me a good opportunity to learn something new. Thanks!