Re: #7076 - Keychain access on Mac

On Mon, 5 Aug 2024 at 13:27, Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com>
wrote:

> Hi Hackers,
>
> Issue #7076 <https://github.com/pgadmin-org/pgadmin4/issues/7076> has
> been reported by many Mac users. Issue has popped up when python binary
> version is changed for the pgadmin.
>
> To save server passwords, pgadmin uses os level secret storage (in case of
> Mac it is keyring) and adds an entry for each save password. Whenever the
> python binary version is changed, keychain (python lib used to access
> keychain) asks for a password 2 times for accessing each entry. If you have
> 10 servers, then it will ask for 20 times.
>
> To fix the issue, pgadmin will follow the same approach as chrome.
> 1.An encryption key will be auto-generated and will be stored in the
> keychain.
> 2.Whenever save password request is received, encryption key will be used
> to encrypt password and encrypted password will be saved in the pgadmin
> database.
> 3.Similarly, while retrieving the password, encryption will be pulled from
> the keychain and will be used to decrypt the password.
> This will reduce password asks to 2 times on python binary version change.
>

That sounds almost like returning to the way things used to work with the
master password, except we auto-generate it, and store that in the
keychain. I assume we'd do the same on all platforms, using whatever the
equivalent store is on each?

Any idea why it asks for the login password twice per access on macOS?

--
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org
EDB: https://www.enterprisedb.com

PGDay UK 2024, 11th September, London: https://2024.pgday.uk/