Open pokey opened 1 week ago
Do we have support for talon.keychain on multiple platforms? That's what I use…
Ah interesting. 1Password api might be interesting to consider as well
Agreed, seems like we would be best off with something pluggable, where talon.keychain is one possible backend. I've tried to script the 1Password GUI (https://github.com/nriley/talon_community/blob/20e0fff55c9999785e6d026f4cbded68d55d9003/apps/1password/1password_mac.py#L35) but since it's Electron it's a total pain and very brittle.
I tested and there does not seem to be a talon.keychain implementation for Windows so we'd need something else there.
There's the 1Password CLI, but first use has a permission prompt, so would be annoying if you don't have biometric auth (since we don't have async Talon actions).
It would be useful to have a standard mechanism for secrets storage. Something like the following

I guess they could have type other than str for the value but might be easiest to just use strings as we wouldn't actually know the type statically anyway

There are different ways we could actually register / define the secrets. I personally keep my secrets in a directory called ~/envs, with read/write access only for my user, and where each subdirectory corresponds to the secrets for one service. Eg

So if we wanted to support this kind of setup, we could allow user to have a setting eg

Basically just a comma-separated list of directories, and any files in there will be read, and result in a secret whose name is the name of the file and whose value is the contents of the file, stripped of leading and trailing whitespace

But we could support multiple ways of actually defining the secrets, and they could all probably just register the secrets via the same user.secrets_set(...) api on Talon startup

This would be useful for:
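The directory-based setup proposed in the issue, sketched as an added example that is not part of the original thread or of the project's code: it reads a comma-separated list of directories and maps each file name to its stripped contents. The name `load_secrets`, its return shape and the owner-only permission check (POSIX) are assumptions made here; registration through the proposed user.secrets_set(...) is left out because the issue only proposes that action.

```python
import os
import stat
from pathlib import Path


def load_secrets(dirs_setting: str) -> tuple[dict[str, str], list[str]]:
    """Return (secrets, skipped) for a comma-separated list of directories.

    secrets maps file name -> file contents with surrounding whitespace stripped.
    skipped lists files rejected by the permission check (an assumption of this
    example, mirroring "read/write access only for my user").
    """
    secrets: dict[str, str] = {}
    skipped: list[str] = []
    for raw in dirs_setting.split(","):
        if not raw.strip():
            continue  # tolerate empty items such as a trailing comma
        directory = Path(raw.strip()).expanduser()
        if not directory.is_dir():
            continue
        for entry in sorted(directory.iterdir()):
            st = entry.lstat()  # lstat so a symlink is never followed
            if not stat.S_ISREG(st.st_mode):
                continue  # subdirectories, symlinks, sockets are not secrets
            if os.name == "posix" and (
                st.st_mode & 0o077 or st.st_uid != os.getuid()
            ):
                # Group/other can access the file, or another user owns it:
                # do not load it, report it instead.
                skipped.append(str(entry))
                continue
            # A later directory overrides an earlier one on a name clash.
            secrets[entry.name] = entry.read_text(encoding="utf-8").strip()
    return secrets, skipped


if __name__ == "__main__":
    found, rejected = load_secrets("~/envs/service_a, ~/envs/service_b")
    print(sorted(found))  # names only, never the values
    for path in rejected:
        print("skipped (permissions too open):", path)
```
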