##// END OF EJS Templates
u » av6 » wip » mercurial_keyring
RSS

Clone from https://foss.heptapod.net/mercurial/mercurial_keyring

mekk.bitbucket.org → mekk.bitbucket.io
Marcin Kasperski -
r245:2428883c default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,349 +1,349 b''
1 .. -*- mode: rst; compile-command: "rst2html README.txt README.html" -*-
1 .. -*- mode: rst; compile-command: "rst2html README.txt README.html" -*-
2
2
3 =======================================================
3 =======================================================
4 Mercurial Keyring
4 Mercurial Keyring
5 =======================================================
5 =======================================================
6
6
7 Mercurial Keyring is a Mercurial_ extension used to securely save HTTP
7 Mercurial Keyring is a Mercurial_ extension used to securely save HTTP
8 and SMTP authentication passwords in password databases (Gnome
8 and SMTP authentication passwords in password databases (Gnome
9 Keyring, KDE KWallet, OSXKeyChain, Windows Vault etc).
9 Keyring, KDE KWallet, OSXKeyChain, Windows Vault etc).
10
10
11 With ``mercurial_keyring`` active, Mercurial remembers your passwords
11 With ``mercurial_keyring`` active, Mercurial remembers your passwords
12 and reuses them without prompting (as if you stored them in ``.hgrc``),
12 and reuses them without prompting (as if you stored them in ``.hgrc``),
13 but password storage is reasonably secure.
13 but password storage is reasonably secure.
14
14
15 Actual password storage is implemented by the keyring_ library, this
15 Actual password storage is implemented by the keyring_ library, this
16 extension glues it to Mercurial.
16 extension glues it to Mercurial.
17
17
18 .. contents::
18 .. contents::
19 :local:
19 :local:
20 :depth: 2
20 :depth: 2
21
21
22 .. sectnum::
22 .. sectnum::
23
23
24 .. _keyring: http://pypi.python.org/pypi/keyring
24 .. _keyring: http://pypi.python.org/pypi/keyring
25 .. _Mercurial: http://mercurial.selenic.com
25 .. _Mercurial: http://mercurial.selenic.com
26
26
27 How does it work
27 How does it work
28 =======================================================
28 =======================================================
29
29
30 On your first pull or push to HTTP url (or first email sent via given
30 On your first pull or push to HTTP url (or first email sent via given
31 SMTP server), you are prompted for the password, just like bare
31 SMTP server), you are prompted for the password, just like bare
32 Mercurial does. But the password you entered is saved to appropriate
32 Mercurial does. But the password you entered is saved to appropriate
33 password database. On successive runs, whenever the password is
33 password database. On successive runs, whenever the password is
34 needed, ``mercurial_keyring`` checks for password in password
34 needed, ``mercurial_keyring`` checks for password in password
35 database, and uses it without troubling you.
35 database, and uses it without troubling you.
36
36
37 In case password turns out to be incorrect (for example, because you
37 In case password turns out to be incorrect (for example, because you
38 changed it, or entered it incorrectly), ``mercurial_keyring`` prompts
38 changed it, or entered it incorrectly), ``mercurial_keyring`` prompts
39 you again, and overwrites the password.
39 you again, and overwrites the password.
40
40
41 You can use many passwords (for various remote urls). Saved passwords
41 You can use many passwords (for various remote urls). Saved passwords
42 are identified by pair of username and url prefix. See below for
42 are identified by pair of username and url prefix. See below for
43 information how to configure those properly.
43 information how to configure those properly.
44
44
45 Installation
45 Installation
46 =======================================================
46 =======================================================
47
47
48 Prerequisites
48 Prerequisites
49 -------------
49 -------------
50
50
51 This extension requires keyring_ and `mercurial_extension_utils`_ to
51 This extension requires keyring_ and `mercurial_extension_utils`_ to
52 work. In many cases both will be installed automatically while you
52 work. In many cases both will be installed automatically while you
53 install ``mercurial_keyring``, but you may need to control the process.
53 install ``mercurial_keyring``, but you may need to control the process.
54
54
55 The keyring_ library can usually be installed by::
55 The keyring_ library can usually be installed by::
56
56
57 pip install --user keyring
57 pip install --user keyring
58
58
59 (or ``easy_install keyring``), but on some systems it is preferable to
59 (or ``easy_install keyring``), but on some systems it is preferable to
60 use official distribution archive. For example, on Debian and Ubuntu,
60 use official distribution archive. For example, on Debian and Ubuntu,
61 you may install ``python-keyring`` and either ``python-keyring-gnome``
61 you may install ``python-keyring`` and either ``python-keyring-gnome``
62 or ``python-keyring-kwallet`` packages::
62 or ``python-keyring-kwallet`` packages::
63
63
64 sudo apt-get install python-keyring python-keyring-gnome
64 sudo apt-get install python-keyring python-keyring-gnome
65
65
66 (this will save you the need to provide working compiler and various
66 (this will save you the need to provide working compiler and various
67 development libraries).
67 development libraries).
68
68
69 The `mercurial_extension_utils`_ module is tiny Python-only module,
69 The `mercurial_extension_utils`_ module is tiny Python-only module,
70 which can be installed by::
70 which can be installed by::
71
71
72 pip install --user mercurial_extension_utils
72 pip install --user mercurial_extension_utils
73
73
74 but in some cases (Windows…) requires more care. See
74 but in some cases (Windows…) requires more care. See
75 `mercurial_extension_utils`_ documentation.
75 `mercurial_extension_utils`_ documentation.
76
76
77
77
78 Extension installation
78 Extension installation
79 ----------------------
79 ----------------------
80
80
81 There are two possible ways of installing the extension: using PyPi package,
81 There are two possible ways of installing the extension: using PyPi package,
82 or using source clone.
82 or using source clone.
83
83
84 To install as a package::
84 To install as a package::
85
85
86 pip install --user mercurial_keyring
86 pip install --user mercurial_keyring
87
87
88 (or ``sudo pip install mercurial_keyring`` for system-wide
88 (or ``sudo pip install mercurial_keyring`` for system-wide
89 installation) and then enable it in ``~/.hgrc`` (or
89 installation) and then enable it in ``~/.hgrc`` (or
90 ``/etc/mercurial/hgrc`` or ``Mercurial.ini``) using::
90 ``/etc/mercurial/hgrc`` or ``Mercurial.ini``) using::
91
91
92 [extensions]
92 [extensions]
93 mercurial_keyring =
93 mercurial_keyring =
94
94
95 To install using source clone, install keyring_ according to the
95 To install using source clone, install keyring_ according to the
96 instructions above, then clone::
96 instructions above, then clone::
97
97
98 hg clone https://bitbucket.org/Mekk/mercurial_keyring/
98 hg clone https://bitbucket.org/Mekk/mercurial_keyring/
99 hg clone https://bitbucket.org/Mekk/mercurial-extension_utils/
99 hg clone https://bitbucket.org/Mekk/mercurial-extension_utils/
100
100
101 and configure Mercurial using full path to the extension module::
101 and configure Mercurial using full path to the extension module::
102
102
103 [extensions]
103 [extensions]
104 mercurial_keyring = /path/to/mercurial_keyring/mercurial_keyring.py
104 mercurial_keyring = /path/to/mercurial_keyring/mercurial_keyring.py
105
105
106 .. _the code:
106 .. _the code:
107 .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py
107 .. _mercurial_keyring.py: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py
108
108
109 Password backend configuration
109 Password backend configuration
110 =======================================================
110 =======================================================
111
111
112 The most appropriate password backend should usually be picked without
112 The most appropriate password backend should usually be picked without
113 configuration (considering installed libraries, operating system,
113 configuration (considering installed libraries, operating system,
114 active desktop session). Still, if necessary, it can be configured
114 active desktop session). Still, if necessary, it can be configured
115 using ``keyringrc.cfg`` file. Refer to keyring_ docs for more
115 using ``keyringrc.cfg`` file. Refer to keyring_ docs for more
116 details.
116 details.
117
117
118 .. note::
118 .. note::
119
119
120 With current (as I write) keyring (5.6), this file is (on Linux)
120 With current (as I write) keyring (5.6), this file is (on Linux)
121 located at ``~/.local/share/python_keyring/keyringrc.cfg`` and
121 located at ``~/.local/share/python_keyring/keyringrc.cfg`` and
122 it's example content looks like::
122 it's example content looks like::
123
123
124 [backend]
124 [backend]
125 default-keyring=keyring.backends.Gnome.Keyring
125 default-keyring=keyring.backends.Gnome.Keyring
126 # default-keyring=keyring.backends.kwallet.Keyring
126 # default-keyring=keyring.backends.kwallet.Keyring
127
127
128 For list of known backends run ``pydoc keyring.backends``.
128 For list of known backends run ``pydoc keyring.backends``.
129
129
130
130
131 ``hgrc`` configuration (HTTP)
131 ``hgrc`` configuration (HTTP)
132 =======================================================
132 =======================================================
133
133
134 Mercurial Keyring uses standard Mercurial ``[auth]`` configuration to
134 Mercurial Keyring uses standard Mercurial ``[auth]`` configuration to
135 detect your username (on given remote) and url prefix. You are
135 detect your username (on given remote) and url prefix. You are
136 strongly advised to configure both.
136 strongly advised to configure both.
137
137
138 Without the username ``mercurial_keyring`` can't save or restore
138 Without the username ``mercurial_keyring`` can't save or restore
139 passwords, so it disables itself.
139 passwords, so it disables itself.
140
140
141 Without url prefix ``mercurial_keyring`` works, but binds passwords to
141 Without url prefix ``mercurial_keyring`` works, but binds passwords to
142 repository urls. That means you will have to (re)enter password for
142 repository urls. That means you will have to (re)enter password for
143 every repository cloned from given remote (and that there will be many
143 every repository cloned from given remote (and that there will be many
144 copies of this password in secure storage).
144 copies of this password in secure storage).
145
145
146 Repository level configuration
146 Repository level configuration
147 ------------------------------------
147 ------------------------------------
148
148
149 Edit repository-local ``.hg/hgrc`` and save there the remote
149 Edit repository-local ``.hg/hgrc`` and save there the remote
150 repository path and the username, but do not save the password. For
150 repository path and the username, but do not save the password. For
151 example:
151 example:
152
152
153 ::
153 ::
154
154
155 [paths]
155 [paths]
156 myremote = https://my.server.com/hgrepo/someproject
156 myremote = https://my.server.com/hgrepo/someproject
157
157
158 [auth]
158 [auth]
159 myremote.prefix = https://my.server.com/hgrepo
159 myremote.prefix = https://my.server.com/hgrepo
160 myremote.username = John
160 myremote.username = John
161
161
162 Simpler form with url-embedded name can also be used:
162 Simpler form with url-embedded name can also be used:
163
163
164 ::
164 ::
165
165
166 [paths]
166 [paths]
167 bitbucket = https://John@my.server.com/hgrepo/someproject/
167 bitbucket = https://John@my.server.com/hgrepo/someproject/
168
168
169 but is not recommended.
169 but is not recommended.
170
170
171 Note that all repositories sharing the same ``prefix`` share the same
171 Note that all repositories sharing the same ``prefix`` share the same
172 password.
172 password.
173
173
174 Mercurial allows also for password in ``.hg/hgrc`` (either given by
174 Mercurial allows also for password in ``.hg/hgrc`` (either given by
175 ``«prefix».password``, or embedded in url). If such password is found,
175 ``«prefix».password``, or embedded in url). If such password is found,
176 Mercurial Keyring disables itself.
176 Mercurial Keyring disables itself.
177
177
178
178
179 Account-level configuration
179 Account-level configuration
180 ---------------------------
180 ---------------------------
181
181
182 If you are consistent about remote repository nicknames, you can
182 If you are consistent about remote repository nicknames, you can
183 configure the username in your `~/.hgrc` (`.hgrc` in your home
183 configure the username in your `~/.hgrc` (`.hgrc` in your home
184 directory). For example, write there::
184 directory). For example, write there::
185
185
186 [auth]
186 [auth]
187 acme.prefix = hg.acme.com/repositories
187 acme.prefix = hg.acme.com/repositories
188 acme.username = johnny
188 acme.username = johnny
189 acme.schemes = http https
189 acme.schemes = http https
190 bitbucket.prefix = https://bitbucket.org
190 bitbucket.prefix = https://bitbucket.org
191 bitbucket.username = Mekk
191 bitbucket.username = Mekk
192 mydep.prefix = https://dev.acmeorg.com
192 mydep.prefix = https://dev.acmeorg.com
193 mydep.username = drmartin
193 mydep.username = drmartin
194
194
195 and as long as you use ``acme`` alias for repositories like
195 and as long as you use ``acme`` alias for repositories like
196 ``https://hg.acme.com/repositories/my_beautiful_app``, username
196 ``https://hg.acme.com/repositories/my_beautiful_app``, username
197 ``johnny`` will be used, and the same password reused. Similarly
197 ``johnny`` will be used, and the same password reused. Similarly
198 any ``hg push bitbucket`` will share the same password.
198 any ``hg push bitbucket`` will share the same password.
199
199
200 With such config repository-level ``.hg/hgrc`` need only contain
200 With such config repository-level ``.hg/hgrc`` need only contain
201 ``[paths]``.
201 ``[paths]``.
202
202
203 Additional advantage of this method is that it works also during
203 Additional advantage of this method is that it works also during
204 `clone`.
204 `clone`.
205
205
206
206
207 .. note::
207 .. note::
208
208
209 Mercurial Keyring works well with `Path Pattern`_. On my setup I use
209 Mercurial Keyring works well with `Path Pattern`_. On my setup I use
210 prefix as above, and::
210 prefix as above, and::
211
211
212 [path_pattern]
212 [path_pattern]
213 bitbucket.local = ~/devel/{below}
213 bitbucket.local = ~/devel/{below}
214 bitbucket.remote = https://bitbucket.org/Mekk/{below:/=-}
214 bitbucket.remote = https://bitbucket.org/Mekk/{below:/=-}
215
215
216 so all my repositories understand ``hg push bitbucket`` without
216 so all my repositories understand ``hg push bitbucket`` without
217 any repository-level configuration.
217 any repository-level configuration.
218
218
219
219
220 ``hgrc`` configuration (SMTP)
220 ``hgrc`` configuration (SMTP)
221 =======================================================
221 =======================================================
222
222
223 Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set
223 Edit either repository-local ``.hg/hgrc``, or ``~/.hgrc`` and set
224 there all standard email and smtp properties, including SMTP
224 there all standard email and smtp properties, including SMTP
225 username, but without SMTP password. For example:
225 username, but without SMTP password. For example:
226
226
227 ::
227 ::
228
228
229 [email]
229 [email]
230 method = smtp
230 method = smtp
231 from = Joe Doe <Joe.Doe@remote.com>
231 from = Joe Doe <Joe.Doe@remote.com>
232
232
233 [smtp]
233 [smtp]
234 host = smtp.gmail.com
234 host = smtp.gmail.com
235 port = 587
235 port = 587
236 username = JoeDoe@gmail.com
236 username = JoeDoe@gmail.com
237 tls = true
237 tls = true
238
238
239 Just as in case of HTTP, you *must* set username, but *must not* set
239 Just as in case of HTTP, you *must* set username, but *must not* set
240 password here to use the extension, in other cases it will revert to
240 password here to use the extension, in other cases it will revert to
241 the default behavior.
241 the default behavior.
242
242
243 Usage
243 Usage
244 ======================================================
244 ======================================================
245
245
246 Saving and restoring passwords
246 Saving and restoring passwords
247 -------------------------------------------------------
247 -------------------------------------------------------
248
248
249 Configure the repository as above, then just ``hg pull``, ``hg push``,
249 Configure the repository as above, then just ``hg pull``, ``hg push``,
250 etc. You should be asked for the password only once (per every
250 etc. You should be asked for the password only once (per every
251 username and remote repository prefix or url combination).
251 username and remote repository prefix or url combination).
252
252
253 Similarly, for email, configure as above and just ``hg email``.
253 Similarly, for email, configure as above and just ``hg email``.
254 Again, you will be asked for the password once (per every username and
254 Again, you will be asked for the password once (per every username and
255 email server address combination).
255 email server address combination).
256
256
257 Checking password status (``hg keyring_check``)
257 Checking password status (``hg keyring_check``)
258 -------------------------------------------------------
258 -------------------------------------------------------
259
259
260 The ``keyring_check`` command can be used to check whether/which
260 The ``keyring_check`` command can be used to check whether/which
261 password(s) are saved. It can be used in three ways:
261 password(s) are saved. It can be used in three ways:
262
262
263 - without parameters, it prints info related to all HTTP paths
263 - without parameters, it prints info related to all HTTP paths
264 defined for current repository (everything from ``hg paths``
264 defined for current repository (everything from ``hg paths``
265 that resolves to HTTP url)::
265 that resolves to HTTP url)::
266
266
267 hg keyring_check
267 hg keyring_check
268
268
269 - given alias as param, it prints info about this alias::
269 - given alias as param, it prints info about this alias::
270
270
271 hg keyring_check work
271 hg keyring_check work
272
272
273 - finally, any path can be checked::
273 - finally, any path can be checked::
274
274
275 hg keyring_check https://bitbucket.org/Mekk/mercurial_keyring
275 hg keyring_check https://bitbucket.org/Mekk/mercurial_keyring
276
276
277 Deleting saved password (``hg keyring_clear``)
277 Deleting saved password (``hg keyring_clear``)
278 -------------------------------------------------------
278 -------------------------------------------------------
279
279
280 The ``keyring_clear`` command removes saved password related to given
280 The ``keyring_clear`` command removes saved password related to given
281 path. It can be used in two ways:
281 path. It can be used in two ways:
282
282
283 - given alias as param, it drops password used by this alias::
283 - given alias as param, it drops password used by this alias::
284
284
285 hg keyring_clear work
285 hg keyring_clear work
286
286
287 - given full path, it drops password related to this path::
287 - given full path, it drops password related to this path::
288
288
289 hg keyring_clear https://bitbucket.org/Mekk/mercurial_keyring
289 hg keyring_clear https://bitbucket.org/Mekk/mercurial_keyring
290
290
291 Managing passwords using GUI tools
291 Managing passwords using GUI tools
292 ------------------------------------------------------
292 ------------------------------------------------------
293
293
294 Many password backends provide GUI tools for password management,
294 Many password backends provide GUI tools for password management,
295 for example Gnome Keyring passwords can be managed using ``seahorse``,
295 for example Gnome Keyring passwords can be managed using ``seahorse``,
296 and KDE Wallet using ``kwalletmanager``. Those GUI tools can be used
296 and KDE Wallet using ``kwalletmanager``. Those GUI tools can be used
297 to review, edit, or delete saved passwords.
297 to review, edit, or delete saved passwords.
298
298
299 Unfortunately, as I write, keyring_ library does not allow one to
299 Unfortunately, as I write, keyring_ library does not allow one to
300 configure how/where exactly saved passwords are put in the hierarchy,
300 configure how/where exactly saved passwords are put in the hierarchy,
301 and the place is not always intuitive. For example, in KDE Wallet, all
301 and the place is not always intuitive. For example, in KDE Wallet, all
302 passwords saved using ``mercurial_keyring`` show up in the folder
302 passwords saved using ``mercurial_keyring`` show up in the folder
303 named ``Python``.
303 named ``Python``.
304
304
305 .. note::
305 .. note::
306
306
307 This is slightly problematic in case ``mercurial_keyring`` is not
307 This is slightly problematic in case ``mercurial_keyring`` is not
308 the only program using keyring_ library. Passwords saved by another
308 the only program using keyring_ library. Passwords saved by another
309 Python application or script (which also uses keyring_) will be put
309 Python application or script (which also uses keyring_) will be put
310 into the same place, and it may be unclear which password belongs
310 into the same place, and it may be unclear which password belongs
311 to which program. To remedy this, ``mercurial_keyring`` applies
311 to which program. To remedy this, ``mercurial_keyring`` applies
312 slightly unusual labels of the form
312 slightly unusual labels of the form
313 ``«username»@@«urlprefix»@Mercurial`` - for example my bitbucket
313 ``«username»@@«urlprefix»@Mercurial`` - for example my bitbucket
314 password is labelled ``Mekk@@https://bitbucket.org@Mercurial``.
314 password is labelled ``Mekk@@https://bitbucket.org@Mercurial``.
315
315
316 Implementation details
316 Implementation details
317 =======================================================
317 =======================================================
318
318
319 The extension is monkey-patching the mercurial ``passwordmgr`` class
319 The extension is monkey-patching the mercurial ``passwordmgr`` class
320 to replace the ``find_user_password`` method. Detailed order of operations
320 to replace the ``find_user_password`` method. Detailed order of operations
321 is described in the comments inside `the code`_.
321 is described in the comments inside `the code`_.
322
322
323 History
323 History
324 =======================================================
324 =======================================================
325
325
326 See `HISTORY.txt`_.
326 See `HISTORY.txt`_.
327
327
328 Development
328 Development
329 =======================================================
329 =======================================================
330
330
331 Development is tracked on BitBucket, see
331 Development is tracked on BitBucket, see
332 http://bitbucket.org/Mekk/mercurial_keyring/
332 http://bitbucket.org/Mekk/mercurial_keyring/
333
333
334
334
335 Additional notes
335 Additional notes
336 =======================================================
336 =======================================================
337
337
338 Information about this extension is also available
338 Information about this extension is also available
339 on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension
339 on Mercurial Wiki: http://mercurial.selenic.com/wiki/KeyringExtension
340
340
341 Check also `other Mercurial extensions I wrote`_.
341 Check also `other Mercurial extensions I wrote`_.
342
342
343 .. _other Mercurial extensions I wrote: http://mekk.bitbucket.org/mercurial.html
343 .. _other Mercurial extensions I wrote: http://mekk.bitbucket.io/mercurial.html
344
344
345 .. _HISTORY.txt: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/HISTORY.txt
345 .. _HISTORY.txt: http://bitbucket.org/Mekk/mercurial_keyring/src/tip/HISTORY.txt
346 .. _TortoiseHg: http://tortoisehg.bitbucket.org/
346 .. _TortoiseHg: http://tortoisehg.bitbucket.org/
347 .. _Mercurial: http://mercurial.selenic.com
347 .. _Mercurial: http://mercurial.selenic.com
348 .. _mercurial_extension_utils: https://bitbucket.org/Mekk/mercurial-extension_utils/
348 .. _mercurial_extension_utils: https://bitbucket.org/Mekk/mercurial-extension_utils/
349 .. _Path Pattern: https://bitbucket.org/Mekk/mercurial-path_pattern/
349 .. _Path Pattern: https://bitbucket.org/Mekk/mercurial-path_pattern/
General Comments 0
You need to be logged in to leave comments. Login now