Skip to content

Implement kSecAttrGeneric to encode additional credential metadata #113

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Benehiko wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Implement kSecAttrGeneric to encode additional credential metadata #113

Benehiko wants to merge 2 commits into from

Conversation

@Benehiko
Copy link

@Benehiko Benehiko commented Jul 16, 2025

This patch adds the kSecAttrGeneric key so that credentials can store additional publicly available metadata on kSecClassGenericPassword credentials. The caller can add any generic metadata they'd like to store as long as it does not exceed the size of math.MaxUint32.

This allows for a wider variety of use cases where many secrets are fetched from the keychain without fetching the underlying secret. Additional filtering rules could apply on the fetch secrets based on the metadata.

More information about kSecAttrGeneric can be found here https://developer.apple.com/documentation/security/ksecattrgeneric

@Benehiko
Implement kSecAttrGeneric to encode additional credential metadata
702fce5 
This patch adds the `kSecAttrGeneric` key so that credentials can store
additional publicly available metadata on kSecClassGenericPassword
credentials. The caller can add any generic metadata they'd like to
store as long as it does not exceed the size of math.MaxUint32.

This allows for a wider variety of use cases where many secrets are fetched
from the keychain without fetching the underlying secret. Additional
filtering rules could apply on the fetch secrets based on the metadata.

More information about `kSecAttrGeneric` can be found here https://developer.apple.com/documentation/security/ksecattrgeneric

Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
Benehiko
Benehiko commented Jul 16, 2025
View reviewed changes
corefoundation.go
Comment on lines +225 to +226
enc := gob.NewEncoder(&b)
if err := enc.Encode(val); err != nil {
Copy link
Author

@Benehiko Benehiko Jul 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe there's a more efficient way of doing this?

@Benehiko
Copy link
Author

Benehiko commented Jul 16, 2025
edited
Loading

I'll add some tests soon. done

@Benehiko
Test generic attributes on macOS
9959547 
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Benehiko