search

talonhub / community

Voice command set for Talon, community-supported.
MIT License
600 stars 763 forks source link

Add secrets support #1480

Open pokey opened 1 week ago

pokey commented 1 week ago

It would be useful to have a standard mechanism for secrets storage. Something like the following

@mod.action_class
class Actions:
    def secrets_get(name: str) -> str:
        """Get secret by name"""
        ...

    def secrets_set(name: str, value: str) -> None:
        """Get secret by name"""
        ...

I guess they could have type other than str for the value but might be easiest to just use strings as we wouldn't actually know the type statically anyway

There are different ways we could actually register / define the secrets. I personally keep my secrets in a directory called ~/envs, with read/write access only for my user, and where each subdirectory corresponds to the secrets for one service. Eg 

/Users/pokey/envs
├── airtable
│  ├── AIRTABLE_API_KEY
│  └── AIRTABLE_BASE_ID
├── openai
│  └── OPENAI_API_KEY
├── openvsx
│  └── OPEN_VSX_TOKEN
├── pypi
│  └── POETRY_PYPI_TOKEN_PYPI
└── toggl
   └── TOGGL_API_TOKEN

So if we wanted to support this kind of setup, we could allow user to have a setting eg

settings():
    user.secrets_dirs = ~/envs/toggl,~/envs/openai

Basically just a comma-separated list of directories, and any files in there will be read, and result in a secret whose name is the name of the file and whose value is the contents of the file, stripped of leading and trailing whitespace

But we could support multiple ways of actually defining the secrets, and they could all probably just register the secrets via the same user.secrets_set(...) api on Talon startup

This would be useful for:

nriley commented 1 week ago

Do we have support for talon.keychain on multiple platforms? That's what I use…

pokey commented 1 week ago

Ah interesting. 1Password api might be interesting to consider as well

nriley commented 1 week ago

Agreed, seems like we would be best off with something pluggable, where talon.keychain is one possible backend. I've tried to script the 1Password GUI (https://github.com/nriley/talon_community/blob/20e0fff55c9999785e6d026f4cbded68d55d9003/apps/1password/1password_mac.py#L35) but since it's Electron it's a total pain and very brittle.

I tested and there does not seem to be a talon.keychain implementation for Windows so we'd need something else there.

auscompgeek commented 1 week ago

There's the 1Password CLI, but first use has a permission prompt, so would be annoying if you don't have biometric auth (since we don't have async Talon actions).