github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/secret_store_linux.go (about)

     1  // Copyright 2019 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  //go:build linux && !android
     5  // +build linux,!android
     6  
     7  package libkb
     8  
     9  func NewSecretStoreAll(mctx MetaContext) SecretStoreAll {
    10  	g := mctx.G()
    11  	sfile := NewSecretStoreFile(g.Env.GetDataDir())
    12  	sfile.notifyCreate = func(name NormalizedUsername) { notifySecretStoreCreate(mctx, name) }
    13  	ssecretservice := NewSecretStoreRevokableSecretService()
    14  
    15  	if mctx.G().Env.GetForceLinuxKeyring() {
    16  		return ssecretservice
    17  	}
    18  
    19  	if mctx.G().Env.ForceSecretStoreFile() || mctx.G().Env.RunningInCI() {
    20  		return sfile
    21  	}
    22  
    23  	shouldUpgradeOpportunistically := func() bool {
    24  		return false
    25  	}
    26  	shouldStoreInFallback := func(options *SecretStoreOptions) SecretStoreFallbackBehavior {
    27  		if options != nil && options.RandomPw {
    28  			// With RandomPW, always fallback to file based secret store (safer
    29  			// choice on Linux).
    30  			return SecretStoreFallbackBehaviorAlways
    31  		}
    32  		// Use system keychain but fall back to file store if not available.
    33  		return SecretStoreFallbackBehaviorOnError
    34  	}
    35  	return NewSecretStoreUpgradeable(ssecretservice, sfile, "system keyring", "file-based secret store (see https://keybase.io/docs/crypto/local-key-security)", shouldUpgradeOpportunistically, shouldStoreInFallback)
    36  }