pcarrier / gauth

Google Authenticator in your terminal
ISC License

Use the keyring approach to encrypting the secrets DB #25

Open RichardBronosky opened 5 years ago

RichardBronosky commented 5 years ago

This is Python, but I'm sure something similar probably exists for golang. https://pypi.org/project/keyring/#what-is-python-keyring-lib

It is used in https://github.com/jjfalling/TOTP-Generator and it's pretty good, except that you have to choose to either be constantly prompted to "Allow" Python to access your keychain, or to "Always Allow" Python. And the latter means that after that, anything Python can access your keychain if it is unlocked. Not good. Compiling a binary solves this.

endorama commented 5 years ago

Hello, as I shared your concern, I created an authenticator which stores secrets in the keyring: https://github.com/endorama/two-factor-authenticator

A bit of shameless self promotion, but obviously the code is fairly simple and could be ported to this project easily :)

Currently supports Gnome Keyring and MacOSX Keychain (mainly due to testing availability), but the library on which it is based has wider support (including Windows, KDE, file and even pass).

figadore commented 4 years ago

Another easy-to-use Go module to do cross-platform keychain interactions is https://github.com/zalando/go-keyring

pcarrier commented 3 years ago

Hey, thanks for the suggestion. I'd suggest putting this into a different binary as this would fall a bit too far on the side of "bloat" for the small portable tool gauth is today, but more than happy to host it in this repo and make their maintainers contributors if they'd like to share the tree and README; PRs welcome! Otherwise feel free to PR this README pointing to an alternative or fork explaining the benefits, we certainly wouldn't want to misguide toward overly simplistic solutions when people already trust a solid secret store.

pcarrier commented 3 years ago

Oh, never mind, go-keyring does not look like a portability mess, worth exploring. Don't know if I'll have any time to think through what the UX should be or study the impact on binary size etc. This could be worth a v2 that lets you manipulate the store interactively (through subcommands and/or its own prompt).
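A sketch of the keyring approach discussed in this thread, added here as an example; it is not code from gauth or from any of the linked projects. The lookup type `GetSecret`, the `"gauth"` service name and the in-memory `demoStore` are assumptions made for illustration; go-keyring's `keyring.Get(service, user)` has the same signature and could be passed in place of `demoStore` so the secret is read from the OS keychain only when a code is requested.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strings"
	"time"
)

// GetSecret is a hypothetical lookup type; go-keyring's keyring.Get(service, user) has this signature.
type GetSecret func(service, account string) (string, error)

// TOTP returns the RFC 6238 code (HMAC-SHA1, 30 s step, 6 digits) for time t.
func TOTP(b32 string, t time.Time) (string, error) {
	clean := strings.TrimRight(strings.ToUpper(strings.ReplaceAll(b32, " ", "")), "=")
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(clean)
	if err != nil {
		return "", fmt.Errorf("invalid base32 secret: %w", err)
	}
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(t.Unix()/30))
	mac := hmac.New(sha1.New, key)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000), nil
}

// CodeFor fetches the secret at the moment of use, so it never sits in a plaintext file.
func CodeFor(get GetSecret, account string, t time.Time) (string, error) {
	secret, err := get("gauth", account) // "gauth" service name is an assumption
	if err != nil {
		return "", fmt.Errorf("keyring lookup: %w", err)
	}
	return TOTP(secret, t)
}

// demoStore is a constructed in-memory stand-in for the keychain, holding the RFC 6238 test key.
func demoStore(service, account string) (string, error) {
	if service == "gauth" && account == "example" {
		return "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ", nil
	}
	return "", fmt.Errorf("no secret for %s/%s", service, account)
}

func main() { fmt.Println(CodeFor(demoStore, "example", time.Now())) }
```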