How to use keytar - 10 common examples
To help you get started, we’ve selected a few keytar examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
stanford-oval / almond-gnome / service / platform / index.js View on Github 
async init() {
const password = await keytar.getPassword('edu.stanford.Almond', 'database-key');
if (password) {
this._sqliteKey = password;
const sqlcipherCompat = this._prefs.get('sqlcipher-compatibility') || 3;
if (sqlcipherCompat !== 4) {
// if the database was created with an older version of sqlcipher, we need
// to tell sqlcipher what parameters to use to hash the key and encrypt/decrypt
//
// we do so with a temporary database to issue a pragma
const tmpdb = new sqlite3.Database(':memory:');
tmpdb.run('PRAGMA cipher_default_compatibility = ' + sqlcipherCompat);
await new Promise((resolve, reject) => {
tmpdb.close((err) => {
if (err)
reject(err);_migrateKeychain() {
console.log("---> Migrating keychain from Nylas Mail Basic")
try {
const raw = keytar.getPassword("Nylas Mail", "Nylas Mail Keys") || "{}";
const passwords = JSON.parse(raw);
const token = passwords["Nylas Account"]
if (token) {
keytar.replacePassword("Nylas", "Nylas Account", token)
}
} catch (err) {
console.error(err);
// dont' throw
}
}loadAuthTokens: function(successCallback) {
keytar.findCredentials("Tomatoad_Slack").then(creds => {
_authTokens = {}
let remaining = creds.length
if(creds.length === 0) {
successCallback()
}
creds.forEach(cred => {
// Note that I'm re-looking up the password using getPassword rather than just
// using the cred.password field because of this bug ...
// https://github.com/atom/node-keytar/issues/96
// Once released, I can remove the getPassword call and just use cred.password.
keytar.getPassword("Tomatoad_Slack", cred.account).then(pw => {
_authTokens[cred.account] = pw;_writeKeyHash(keys) {
// returns true if successful
return keytar.replacePassword(this.SERVICE_NAME, this.KEY_NAME, JSON.stringify(keys));
}}
const notification = {
title: 'Keys Done Generating',
body: 'Copy your public key by clicking the icon to the right of your name.',
}
this.props.toggleGeneratingKey()
this.setState({ submitted: true })
await this.props.addKey({ id: 999, name, privateKeyArmored: 'generating' })
const key = await generateKey({ name, email }, passphrase)
key.avatar = 9
key.id = 999
new Notification(notification.title, notification) // eslint-disable-line no-new
keytar.addPassword('felony', `${ name } <${ email }>`, passphrase)
await this.props.addKey(key)
this.props.toggleGeneratingKey()
}// Previously the master key was binary encoded, which caused compatibility
// issues with various keyrings. In 0.8.3, switch to hex encoding for storage.
const oldAccountName = 'login master key'
const accountName = 'login master key v2'
let oldMasterKey = keytar.getPassword(appName, oldAccountName)
let masterKey = keytar.getPassword(appName, accountName)
let success = false
if (masterKey === null) {
if (typeof oldMasterKey === 'string') {
// The user made a v1 (binary) key. Try converting it to hex if it
// appears to be 32 bytes.
let oldBuffer = new Buffer(oldMasterKey, 'binary')
if (oldBuffer.length === 32) {
success = keytar.addPassword(appName, accountName, oldBuffer.toString('hex'))
}
}
// Either the user denied access or no master key has ever been created.
// We can't tell the difference so try making a new master key.
success = success || keytar.addPassword(appName, accountName, CryptoUtil.getRandomBytes(32).toString('hex'))
if (success) {
// A key should have been created
masterKey = keytar.getPassword(appName, accountName)
}
}
if (typeof masterKey === 'string') {
// Convert from hex to binary
return (new Buffer(masterKey, 'hex')).toString('binary')let success = false
if (masterKey === null) {
if (typeof oldMasterKey === 'string') {
// The user made a v1 (binary) key. Try converting it to hex if it
// appears to be 32 bytes.
let oldBuffer = new Buffer(oldMasterKey, 'binary')
if (oldBuffer.length === 32) {
success = keytar.addPassword(appName, accountName, oldBuffer.toString('hex'))
}
}
// Either the user denied access or no master key has ever been created.
// We can't tell the difference so try making a new master key.
success = success || keytar.addPassword(appName, accountName, CryptoUtil.getRandomBytes(32).toString('hex'))
if (success) {
// A key should have been created
masterKey = keytar.getPassword(appName, accountName)
}
}
if (typeof masterKey === 'string') {
// Convert from hex to binary
return (new Buffer(masterKey, 'hex')).toString('binary')
} else {
throttleKeytar = true
setTimeout(() => {
throttleKeytar = false
}, 1000 * 60 * 60 * 24)
return null'use strict';
const speakeasy = require('speakeasy');
const notifier = require('node-notifier');
const keytar = require('keytar');
const ncp = require('copy-paste');
if (!process.argv[2]) {
console.error('Usage: quick-2fa --save KEY-NAME YOUR-KEY');
console.error('Usage: quick-2fa KEY-NAME');
process.exit(1);
}
if (process.argv[2] === '--save') {
const [, , , account, password] = process.argv;
const done = keytar.replacePassword('quick-2fa', account, password);
if (done) {
console.log('Key stored!', 'Now you can retrieve your two-factor authentication token by running:');
console.log(`$ quick-2fa ${account}`);
process.exit(0);
} else {
console.error('Failed to store your key!');
process.exit(1);
}
}
const key = process.argv[2] === '--key' ? process.argv[3] : keytar.getPassword('quick-2fa', process.argv[2]);
if (!key) {
console.error('Sorry, could not find your key...');
process.exit(1);
}getToken(answers.registry, answers.username, answers.email, answers.password || password, function (err, token) {
if (err) {
console.error(err)
process.exit(1)
}
console.log(token)
if (keytar && !password && answers.password) keytar.addPassword('npm-get-token', answers.username, answers.password)
conf.set('username', answers.username, 'user')
conf.set('email', answers.email, 'user')
conf.save('user')
})
})storage.set('is_authenticated', {}, error => {
keytar.deletePassword('cern-phone-app', 'access_token');
keytar.deletePassword('cern-phone-app', 'refresh_token');
keytar.deletePassword('cern-phone-app', 'tone_token');
if (error) {
console.log(`Error is_authenticated: ${error}`);
}
if (!authWindow) {
createAuthWindow();
}
if (mainWindow) {
mainWindow.destroy();
}
});
}keytar
Bindings to native Mac/Linux/Windows password APIs
