Crate secret_service

source ·
Expand description

§Secret Service libary

This library implements a rust interface to the Secret Service API which is implemented in Linux.

§About Secret Service API

https://standards.freedesktop.org/secret-service/

Secret Service provides a secure place to store secrets. Gnome keyring and KWallet implement the Secret Service API.

§Basic Usage

use secret_service::SecretService;
use secret_service::EncryptionType;
use std::collections::HashMap;

#[tokio::main(flavor = "current_thread")]
async fn main() {
   // initialize secret service (dbus connection and encryption session)
   let ss = SecretService::connect(EncryptionType::Dh).await.unwrap();

   // get default collection
   let collection = ss.get_default_collection().await.unwrap();

   let mut properties = HashMap::new();
   properties.insert("test", "test_value");

   //create new item
   collection.create_item(
       "test_label", // label
       properties,
       b"test_secret", //secret
       false, // replace item with same attributes
       "text/plain" // secret content type
   ).await.unwrap();

   // search items by properties
   let search_items = ss.search_items(
       HashMap::from([("test", "test_value")])
   ).await.unwrap();

   // retrieve one item, first by checking the unlocked items
   let item = match search_items.unlocked.first() {
       Some(item) => item,
       None => {
           // if there aren't any, check the locked items and unlock the first one
           let locked_item = search_items
               .locked
               .first()
               .expect("Search didn't return any items!");
           locked_item.unlock().await.unwrap();
           locked_item
       }
   };

   // retrieve secret from item
   let secret = item.get_secret().await.unwrap();
   assert_eq!(secret, b"test_secret");

   // delete item (deletes the dbus object, not the struct instance)
   item.delete().await.unwrap()
}

§Overview of this library:

§Entry point

The entry point for this library is the SecretService struct. A new instance of SecretService will initialize the dbus connection and negotiate an encryption session.

SecretService::connect(EncryptionType::Plain).await.unwrap();

or

SecretService::connect(EncryptionType::Dh).await.unwrap();

Once the SecretService struct is initialized, it can be used to navigate to a collection. Items can also be directly searched for without getting a collection first.

§Collections and Items

The Secret Service API organizes secrets into collections, and holds each secret in an item.

Items consist of a label, attributes, and the secret. The most common way to find an item is a search by attributes.

While it’s possible to create new collections, most users will simply create items within the default collection.

§Actions overview

The most common supported actions are create, get, search, and delete for Collections and Items. For more specifics and exact method names, please see each struct’s documentation.

In addition, set and get actions are available for secrets contained in an Item.

§Crypto

Specifics in SecretService API Draft Proposal: https://standards.freedesktop.org/secret-service/

§Async

This crate, following zbus, is async by default. If you want a synchronous interface that blocks, see the blocking module instead.

Modules§

Structs§

Enums§

  • An error that could occur interacting with the secret service dbus interface.