Re: #7076 - Keychain access on Mac

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: #7076 - Keychain access on Mac
Date: 2024-08-08 13:02:11
Message-ID: CA+OCxoxp_ZK7w5z_ifOKv6rWmQ=Gv4aXqirCWsgoaRYrxvrLAQ@mail.gmail.com
Lists: pgadmin-hackers

On Thu, 8 Aug 2024 at 13:46, Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com>
wrote:

> Hi Dave,
>
> Should I proceed with this approach?
>

Sure, go ahead.

>
> Thanks,
> Yogesh Mahajan
> EnterpriseDB
>
>
> On Thu, Aug 8, 2024 at 6:14 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>>
>>
>> On Thu, 8 Aug 2024 at 13:38, Yogesh Mahajan <
>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>
>>>
>>>
>>> Hi,
>>>
>>> On Thu, Aug 8, 2024 at 5:58 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>>
>>>>
>>>>
>>>> On Mon, 5 Aug 2024 at 13:27, Yogesh Mahajan <
>>>> yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:
>>>>
>>>>> Hi Hackers,
>>>>>
>>>>> Issue #7076 <https://github.com/pgadmin-org/pgadmin4/issues/7076> has
>>>>> been reported by many Mac users. Issue has popped up when python binary
>>>>> version is changed for the pgadmin.
>>>>>
>>>>> To save server passwords, pgadmin uses os level secret storage (in
>>>>> case of Mac it is keyring) and adds an entry for each saved password.
>>>>> Whenever the python binary version is changed, keychain (python lib used to
>>>>> access keychain) asks for a password 2 times for accessing each entry. If
>>>>> you have 10 servers, then it will ask for 20 times.
>>>>>
>>>>> To fix the issue, pgadmin will follow the same approach as chrome.
>>>>> 1. An encryption key will be auto-generated and will be stored in the
>>>>> keychain.
>>>>> 2. Whenever save password request is received, encryption key will be
>>>>> used to encrypt password and encrypted password will be saved in the
>>>>> pgadmin database.
>>>>> 3. Similarly, while retrieving the password, encryption will be pulled
>>>>> from the keychain and will be used to decrypt the password.
>>>>> This will reduce password asks to 2 times on python binary version
>>>>> change.
>>>>>
>>>>
>>>> That sounds almost like returning to the way things used to work with
>>>> the master password, except we auto-generate it, and store that in the
>>>> keychain.
>>>>
>>>
>>> Yeah.
>>>
>>>
>>>> I assume we'd do the same on all platforms, using whatever the
>>>> equivalent store is on each?
>>>>
>>>
>>> Yes we will be doing the same on all supported platforms.
>>>
>>>
>>>>
>>>> Any idea why it asks for the login password twice per access on macOS?
>>>>
>>>
>>> This <https://github.com/jaraco/keyring/issues/644> is a known issue
>>> for keyring python lib. And this
>>> <https://github.com/jaraco/keyring/issues/619> one where the keychain
>>> asks for a password for accessing each entry.
>>>
>>
>> OK, thanks.
>> --
>> Dave Page
>> pgAdmin: https://www.pgadmin.org
>> PostgreSQL: https://www.postgresql.org
>> EDB: https://www.enterprisedb.com
>>
>> PGDay UK 2024, 11th September, London: https://2024.pgday.uk/
>>
>>

--
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org
EDB: https://www.enterprisedb.com

PGDay UK 2024, 11th September, London: https://2024.pgday.uk/
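
The three-step scheme quoted above, sketched as an added example (not pgAdmin's code and not part of the original thread): one auto-generated key sits in the secret store and per-server passwords are stored only as encrypted blobs, so a session touches the store once regardless of server count. Assumptions: `FakeKeychain` and `ENTRY` are hypothetical stand-ins for the OS keychain, and the SHAKE-256/HMAC construction stands in for a real AEAD such as AES-GCM so the block runs on the standard library alone.

```python
import hashlib, hmac, secrets

ENTRY = "encryption-key"  # hypothetical keychain entry name

class FakeKeychain:
    """In-memory stand-in for the OS secret store; counts accesses."""
    def __init__(self):
        self.items, self.accesses = {}, 0
    def get(self, name):
        self.accesses += 1
        return self.items.get(name)
    def set(self, name, value):
        self.accesses += 1
        self.items[name] = value

def load_or_create_key(kc):
    """Step 1: a single auto-generated key lives in the keychain."""
    key = kc.get(ENTRY)
    if key is None:
        key = secrets.token_bytes(32)
        kc.set(ENTRY, key)
    return key

def _xor(key, nonce, data):
    # SHAKE-256 keystream XOR; stdlib stand-in for a real AEAD cipher.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, plaintext):
    """Step 2: the returned blob is what goes into the application database."""
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    """Step 3: verify the tag before decrypting, so modified rows are rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored password failed authentication")
    return _xor(key, nonce, ct)

def demo(n_servers=10):
    kc = FakeKeychain()
    key = load_or_create_key(kc)
    # Constructed sample data: one saved password per server.
    db = {f"server{i}": encrypt(key, f"pw{i}".encode()) for i in range(n_servers)}
    kc.accesses = 0  # new session: count only the accesses needed for retrieval
    key = load_or_create_key(kc)
    plain = {name: decrypt(key, blob).decode() for name, blob in db.items()}
    return kc.accesses, plain, db
```
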
