Desktop: Use Electron safeStorage for keychain support #10535
Summary
This PR uses Electron `safeStorage` when available and falls back to `keytar`. On desktop, fixes #8829.
May also fix #10526.
This pull request:
The CLI app doesn't have access to Electron APIs, and so will still need to use `keytar` after this pull request.
To-do
`KvStore`.
`safeStorage` doesn't seem to provide key-value storage. Instead, it provides methods that encrypt or decrypt data.
`settings` table, using the `encryptedValue.` key prefix. For example, a setting with key `sync.6.password` would have its encrypted value stored as `encryptedValue.sync.6.password`.
`encrypted-settings.json` file). This could make it clear that these settings need special care when creating a backup of Joplin (if backing up by copying the database). It would also avoid reusing the existing `settings` table.
`keychain.supported` needs to be reset to -1 on existing installs for the keychain check to be re-run (allowing the keychain to be used).
`safeStorage`.
Testing
So far, limited manual testing has been done on Ubuntu 24.04:
`Setting.resetKey('keychain.supported')` from Joplin's development tools, then restart Joplin.
`key`.
`KeychainService: check was already done - skipping. Supported: 1` appears in the console.
Additional manual testing will be necessary on Windows and macOS.