// Copyright 2019 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.

// +build linux,!android

package libkb

// NewSecretStoreAll selects the secret store used on Linux (non-Android)
// builds.
//
// Selection order, exactly as implemented below:
//
//  1. Env.GetForceLinuxKeyring() is set: the secret-service store is returned
//     on its own, so no file-based fallback is wired in on this path.
//  2. Env.ForceSecretStoreFile() or Env.RunningInCI() is set: the file store
//     under Env.GetDataDir() is returned on its own.
//  3. Otherwise: both stores are combined via NewSecretStoreUpgradeable.
//
// Both underlying stores are constructed before any of these checks run, so
// their constructors execute on every call regardless of which one is
// ultimately returned.
func NewSecretStoreAll(mctx MetaContext) SecretStoreAll {
	g := mctx.G()

	fileStore := NewSecretStoreFile(g.Env.GetDataDir())
	// The file store reports newly created entries through this hook.
	fileStore.notifyCreate = func(username NormalizedUsername) {
		notifySecretStoreCreate(mctx, username)
	}
	keyringStore := NewSecretStoreRevokableSecretService()

	switch {
	case g.Env.GetForceLinuxKeyring():
		return keyringStore
	case g.Env.ForceSecretStoreFile() || g.Env.RunningInCI():
		return fileStore
	}

	// Opportunistic upgrading is switched off: this predicate never reports
	// true.
	neverUpgrade := func() bool { return false }

	// fallbackPolicy decides, per store request, when the fallback store is
	// used instead of the primary one.
	fallbackPolicy := func(opts *SecretStoreOptions) SecretStoreFallbackBehavior {
		if opts == nil || !opts.RandomPw {
			// Use the system keychain, but fall back to the file store if it
			// is not available.
			return SecretStoreFallbackBehaviorOnError
		}
		// With RandomPW, always fall back to the file-based secret store
		// (safer choice on Linux).
		return SecretStoreFallbackBehaviorAlways
	}

	// NOTE(review): the two labels suggest the first store argument is the
	// primary and the second the fallback; confirm against
	// NewSecretStoreUpgradeable. On the OnError path a secret can end up in
	// the file store whenever the keyring is unavailable, so the protections
	// described at the URL in the label below apply to it.
	return NewSecretStoreUpgradeable(
		keyringStore,
		fileStore,
		"system keyring",
		"file-based secret store (see https://keybase.io/docs/crypto/local-key-security)",
		neverUpgrade,
		fallbackPolicy,
	)
}