Keychain.app

Question

Keychain.app

stuffmc opened this issue 9 years ago · 17 comments

It would be awesome if Alpha would integrate a little Keychain.app like the Mac app, with all the keys being in the Sandbox of the app, with ability to delete or modify or add.

Answer 1 · 2015-09-17T09:01:34.000Z

Sounds like an valuable plugin. I'm gonna implement it when some heap plugin fixes will be done.
@Legoless Is idea of plugin acceptable for Alpha framework?

Answer 2 · 2015-09-17T09:03:20.000Z

Yeah, this definitely works as an plugin.

Answer 3 · 2015-09-17T09:06:26.000Z

@Legoless Isn't 0.4.0 too far for this simple plugin? We have some volume issues on 0.3.0.

Answer 4 · 2015-09-17T09:07:56.000Z

Yeah, that is why I moved this into 0.4.0, but it can be implemented earlier as well.

Answer 5 · 2015-09-17T09:13:23.000Z

@stuffmc Can you provide short list of requirement features for keychain plugin? It will significantly boost plugin development.

Answer 6 · 2015-09-17T09:24:56.000Z

• Display the list of Keychain Items (keys) in a TableView
• Tap to show the password — probably by entering TouchID
• Swipe to Delete

That's a good start. Later you can add "Add a new Keychain Item", but start with Display & Delete first, which is why I need and can test. I don't actually need "Show the password" at first, if you want to prioritise.

Answer 7 · 2015-09-17T09:26:01.000Z

Should we allow secure data changing?

Answer 8 · 2015-09-17T09:27:18.000Z

I don't care about this for now :) but yeah, it's obviously on the road map later. For now, the fastest you give a list of keys (I don't need to see the password) and swipe to delete, the better :)

Answer 9 · 2015-09-17T09:40:11.000Z

I wouldn't make Touch ID for showing the password (touch to show is okay, but even so not necessary) - maybe later to access entire Alpha interface, to lock it for other testers if so required. But that's still far in the future.

Answer 10 · 2015-09-17T09:46:45.000Z

There are no reason to request TouchID since application can directly provide you keys.
There are a lot of security mechanism in iOS and about 14 general keys to provide filesystem security (plus a great bunch of keys for each file, etc.). If we can bypass all this guards we shouldn't request the same security layer we passed before.
Another question is should we provide access to this plugin remotely?

Answer 11 · 2015-09-17T09:47:39.000Z

Yes, we should provide it remotely for now, or add an option for developer to switch remote access off. Which should be available for all plugins anyway.

Answer 12 · 2015-09-17T09:50:13.000Z

It's a security vulnerability, isn't it?
I think we should disable remote access by default since most part of users wouldn't use remote feature of Alpha.

Answer 13 · 2015-09-17T09:51:33.000Z

Alpha itself is a security vulnerability if left inside the app. Only meant for testing. But I do agree that remote should be off by default.

Answer 14 · 2015-09-21T11:53:30.000Z

Touch base... Guys have something?

Answer 15 · 2015-09-21T11:54:53.000Z

No ups from me. I'm looking for fixing existing staff as the first priority vs new functionality.
Feel free to contribute your PL.

Answer 16 · 2015-10-01T21:15:23.000Z

@stuffmc, I've pushed 0.2.7, which has a basic Keychain plugin, read-only for now. Going to add delete, edit and add functionality later. Check it out, if this is something you were looking for.

Answer 17 · 2015-10-02T08:37:44.000Z

@Legoless Great! Will do as soon as I need it again. Could be anytime in the project I'm busy for now.