Open ghost opened 2 years ago
Hey there! It appears to me that 99designs/keyring supports more backends compared to go-keyring. Other than that, are there any differences between both of them? Looks like 99designs/keyring also supports KWallet as well as custom keyring names while go-keyring has open PRs for a while now.
zalando/go-keyring uses pure go implementation but 99designs uses C bindings so you have to use the CGO flag properly. I've experienced many problems while using it, so I returned to use this library.
> 99designs uses C bindings

At least for Linux, this is untrue, try CGO_ENABLED=0 GOOS=linux go build in https://github.com/99designs/keyring and it will work, there's no direct code within 99designs/keyring that uses cgo, what OS are you building it for?
What other problems have you experienced aside from failing to enable cgo at build time?
I haven't had any other problem. I use GoReleaser to build it for Windows, macOS and Linux
We switched to 99designs/keyring but now are switching back to this package
On macOS, 99designs/keyring uses CGO (via https://github.com/99designs/go-keychain) to access the keychain while zalando/go-keyring shells out to the security command.
The disadvantages of zalando/go-keyring's approach are:
When prompting for a password the process using the keychain is obfuscated and reported as security, e.g.:
If the user grants "Always Allow" access to security, any process including a bash script can read keychain items without a password prompt.
Because 99designs/keyring accesses the keychain directly through CGO instead of shelling out, an "Always Allow" grant only gives access to the specific binary using 99designs/keyring. So 99designs/keyring's approach is more secure, assuming the binary has a smaller attack surface area than security.
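A defender's view of the "Always Allow" risk described in the comment above, as an added example that is not part of the thread or of either library: it flags exec events in which /usr/bin/security is asked to print a keychain password by a parent process that is not on an allowlist. The event line format, the sample events and the allowlisted path are constructed assumptions; find-generic-password, find-internet-password, -w and -g are options of the macOS security command.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed exec events, "parent path | child path | child argv" (assumed format).
const sampleEvents = `/Applications/MyTool.app/Contents/MacOS/mytool | /usr/bin/security | security find-generic-password -s mytool -wa alice
/bin/bash | /usr/bin/security | security find-generic-password -s mytool -wa alice
/bin/zsh | /usr/bin/security | security find-generic-password -s mytool
/bin/zsh | /usr/bin/security | security list-keychains`

// Finding is one secret read through security(1) by an unexpected parent.
type Finding struct{ Parent, Subcommand string }

// printsSecret: a find-*-password subcommand with -w or -g (may be bundled, e.g. -wa).
func printsSecret(argv []string) bool {
	if len(argv) < 3 || (argv[1] != "find-generic-password" && argv[1] != "find-internet-password") {
		return false
	}
	for _, a := range argv[2:] {
		if strings.HasPrefix(a, "-") && strings.ContainsAny(a, "wg") {
			return true
		}
	}
	return false
}

// FlagKeychainReads returns secret reads via /usr/bin/security from parents not in allowedParents.
func FlagKeychainReads(events string, allowedParents map[string]bool) []Finding {
	var out []Finding
	for _, line := range strings.Split(events, "\n") {
		f := strings.SplitN(line, " | ", 3)
		if len(f) != 3 || f[1] != "/usr/bin/security" || allowedParents[f[0]] {
			continue
		}
		if argv := strings.Fields(f[2]); printsSecret(argv) {
			out = append(out, Finding{Parent: f[0], Subcommand: argv[1]})
		}
	}
	return out
}

func main() {
	// Hypothetical allowlist: the one application expected to shell out to security.
	allowed := map[string]bool{"/Applications/MyTool.app/Contents/MacOS/mytool": true}
	for _, f := range FlagKeychainReads(sampleEvents, allowed) {
		fmt.Printf("unexpected keychain read: parent=%s subcommand=%s\n", f.Parent, f.Subcommand)
	}
}
```

With the sample events only the /bin/bash read is reported; the keychain prompt itself would have named security for both readers, which is why the parent process is the field to check.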
@tekumara we agree with your summary.
I think we are happy to get PRs that advance MacOS integration. As we (maintainers) are not Mac users we rely on PR authors in this case. If you can build a PR that does not change the interface and build only with CGO for MacOS, then I think there is nothing that would stop the PR from being merged.