Secret storage #10
Open
Labels: core feature (Implementation of an essential feature for the authenticator)
Where to store secrets:
- File based, e.g., SQLite, JSON file. Easiest in terms of OS portability, easy and familiar from a programmatic standpoint.
  Would require implementing encryption, thus adding complexity (need to define a UI for setting the private key) and increasing the attack surface.
- Keyring: Linux secret store, Windows credential management, etc.
  Look into the keyring library - though its API is a bit limited (e.g., no ability to enumerate all secrets under the service, requires UTF-8 strings), might be able to simply store all keys in a single JSON string.
- TPM: The most secure option, but also the most complex.
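
An added sketch of the single-JSON-string idea from the keyring option above (example code, not this project's implementation): every secret lives in one keyring entry, which gives enumeration, and binary secrets are base64-encoded so the stored value is always a UTF-8 string. The service name, entry name, class names and the in-memory backend are assumptions made for the example; `keyring.get_password` and `keyring.set_password` are the library's real calls.

```python
import base64
import json

SERVICE = "example-authenticator"  # hypothetical service name
ENTRY = "secrets-v1"               # hypothetical name of the single entry


class MemoryBackend:
    """Constructed stand-in exposing the same calls as the keyring module."""

    def __init__(self):
        self._items = {}

    def get_password(self, service, username):
        return self._items.get((service, username))

    def set_password(self, service, username, password):
        if not isinstance(password, str):
            raise TypeError("keyring values must be str")
        self._items[(service, username)] = password


class SecretStore:
    def __init__(self, backend=None):
        if backend is None:
            import keyring  # real OS keyring, imported only when requested
            backend = keyring
        self._kr = backend

    def _load(self):
        blob = self._kr.get_password(SERVICE, ENTRY)
        if blob is None:  # nothing stored yet
            return {}
        return {n: base64.b64decode(v) for n, v in json.loads(blob).items()}

    def _save(self, secrets):
        # base64 keeps arbitrary key bytes inside a plain-text JSON document
        enc = {n: base64.b64encode(s).decode("ascii") for n, s in secrets.items()}
        self._kr.set_password(SERVICE, ENTRY, json.dumps(enc, sort_keys=True))

    def put(self, name, secret):
        secrets = self._load()
        secrets[name] = secret
        self._save(secrets)

    def get(self, name):
        return self._load()[name]

    def names(self):
        # enumeration comes from the blob, not from the keyring API
        return sorted(self._load())
```

Each `put` is a read-modify-write of the whole blob, so concurrent writers can lose updates, and a backend may limit the size of one entry; both should be checked on the target platforms.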