Skip to content

Store/retrieve passwords with the system keyring #1499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rolandwalker wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Store/retrieve passwords with the system keyring #1499

rolandwalker wants to merge 1 commit into from

Conversation

@rolandwalker
Copy link
Contributor

@rolandwalker rolandwalker commented Jan 31, 2026

Description

  • Off by default.
  • Can be enabled by setting use_keyring = True in ~/.myclirc.
  • Can be enabled on a per-connection basis with --use-keyring=true at invocation time.
  • Note that the hostname is considered to be different if short or qualified.
  • A password can be reset with --use-keyring=reset at invocation time, or (not documented) using the keyring CLI tool.

Fixes #1496.

This was super easy to implement! But realistic tests look quite difficult.

Checklist

  • I've added this contribution to the changelog.md.
  • I've added my name to the AUTHORS file (or it's already there).
  • I ran uv run ruff check && uv run ruff format && uv run mypy --install-types . to lint and format the code.

@rolandwalker rolandwalker self-assigned this Jan 31, 2026
scottnemes
scottnemes reviewed Jan 31, 2026
View reviewed changes
scottnemes
scottnemes reviewed Jan 31, 2026
View reviewed changes
mycli/main.py
if show_warnings:
mycli.show_warnings = show_warnings

if use_keyring_cli_opt and use_keyring_cli_opt.lower() == 'reset':
Copy link
Contributor

@scottnemes scottnemes Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're pulling in True/False values as strings, so all of the logic needs to account for that. Easiest probably would be to just check the option variable and then set a new real bool var to use for your logic.

Copy link
Contributor Author

@rolandwalker rolandwalker Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't that exactly what we are doing, where the "new real bool var" is use_keyring?

Copy link
Contributor

@scottnemes scottnemes Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is; I was mixing it up with the other suggestions because use_keyring_cli_opt is still a string and in this IF it is being treated like a bool. It works because all that really matters is that use_keyring_cli_opt is not none so you can .lower it. So I would recommend switching it to be more clear

if use_keyring_cli_opt is not None and use_keyring_cli_opt.lower() == 'reset':

That (to me at least) makes it clear what you're doing and that you don't actually care that it's a bool (or not really a bool in this case)

scottnemes
scottnemes reviewed Jan 31, 2026
View reviewed changes
mycli/main.py Outdated
use_keyring = True
reset_keyring = True
elif use_keyring_cli_opt is None:
use_keyring = mycli.config['main'].get('use_keyring')
Copy link
Contributor

@scottnemes scottnemes Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to above, will need as_bool to treat it as such.

Copy link
Contributor Author

@rolandwalker rolandwalker Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right! Great catch. Our config library should really do that for us.

scottnemes
scottnemes reviewed Jan 31, 2026
View reviewed changes
@rolandwalker
store/retrieve passwords with the system keyring
2276391 
 * off by default
 * can be enabled by setting use_keyring = True in ~/.myclirc
 * can be enabled on a per-connection basis with --use-keyring=true at
   invocation time
 * note that the hostname is considered to be different if short or
   qualified
 * a password can be reset with --use-keyring=reset at invocation time,
   or (not documented) using the "keyring" CLI tool
@rolandwalker rolandwalker force-pushed the RW/save-passwords-in-system-keyring branch from 0d21049 to 2276391 Compare January 31, 2026 19:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amjith amjith Awaiting requested review from amjith

@scottnemes scottnemes Awaiting requested review from scottnemes

Assignees

@rolandwalker rolandwalker

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support reading passwords from the system keychain

3 participants

@rolandwalker @scottnemes