Expand description
macOS Keychain integration for SSH / SFTP / FTP credentials.
The frontend stores passwords and key passphrases in the system Keychain
instead of re-sending them on every connect. Each credential is keyed by a
(service, account) pair where service is derived from CredentialKind
and account is an opaque string chosen by the caller (typically
"<username>@<host>:<port>").
On platforms without a Keychain:
save_password/delete_passwordreturn a “not supported” errorload_passwordreturnsOk(None)so a “no saved credential” flow is indistinguishable from “no Keychain exists”, letting the UI fall back to a password prompt gracefully.
Secrets are held as String at the boundary and converted to &[u8] for
the Keychain API. They must never be logged — callers and this module use
tracing only to report the non-sensitive (service, account) pair.
Enums§
- Credential
Kind - Kinds of credential we persist. Serialised in snake_case on the wire so the
frontend can emit e.g.
{"kind": "ssh_password"}.
Functions§
- delete_
password - is_
supported - Whether this build can actually read / write the OS keychain. The frontend uses this to hide “Save to Keychain” UI on unsupported platforms instead of letting the save call error at runtime.
- list_
accounts - List all accounts stored under a given kind’s service. Returns an empty vector (not an error) when no entries exist or the platform has no keychain. Useful for the Settings UI to show the user what’s saved.
- load_
password - save_
password