Class: Ironclad::Cache::Keychain

Inherits:

Object

• Object
• Ironclad::Cache::Keychain

Defined in:

lib/ironclad/cache/keychain.rb

Overview

macOS Keychain via the ‘security` tool. The cache never expires; a key rotation is handled by writing (-U updates) the new value.

Instance Method Summary

• #initialize(account) ⇒ Keychain constructor

  A new instance of Keychain.

• #read(name) ⇒ Object
• #write(name, key) ⇒ Object

Constructor Details

#initialize(account) ⇒ Keychain

Returns a new instance of Keychain.

# File 'lib/ironclad/cache/keychain.rb', line 10

def initialize(account)
  @account = account
end

Instance Method Details

#read(name) ⇒ Object

# File 'lib/ironclad/cache/keychain.rb', line 14

def read(name)
  out, _err, status = Open3.capture3(
    'security', 'find-generic-password',
    '-a', @account, '-s', name, '-w'
  )
  status.success? ? out.chomp : nil
end

#write(name, key) ⇒ Object

# File 'lib/ironclad/cache/keychain.rb', line 22

def write(name, key)
  # The key passes via argv (briefly visible to the same user's `ps`); the
  # security tool has no stdin input mode. Acceptable for a local cache.
  system(
    'security', 'add-generic-password', '-U',
    '-a', @account, '-s', name, '-w', key,
    out: File::NULL, err: File::NULL
  )
end