* auth.texi (Secret Service API): Add the missing text.

author: Michael Albinus 2012-04-04 17:28:57 +0200
committer: Michael Albinus 2012-04-04 17:28:57 +0200
commit: 0317dd510d318698cc4cc982b002fb79a70b5bc9 (patch)
tree: 4245e1e5d3b088ec31c5442a8ba2139e05dd4b14
parent: 245d176baccb64765ec2f1726f39b927c95a3e16 (diff)
download: emacs-0317dd510d318698cc4cc982b002fb79a70b5bc9.tar.gz
emacs-0317dd510d318698cc4cc982b002fb79a70b5bc9.zip
2 files changed, 133 insertions, 1 deletions
diff --git a/doc/misc/ChangeLog b/doc/misc/ChangeLog
index b7b981d8653..45f6c9455df 100644
--- a/doc/misc/ChangeLog
+++ b/doc/misc/ChangeLog
@@ -1,3 +1,7 @@
+2012-04-04  Michael Albinus  <michael.albinus@gmx.de>
+        * auth.texi (Secret Service API): Add the missing text.
 2012-04-04  Chong Yidong  <cyd@gnu.org>
        * message.texi (Using PGP/MIME): Note that epg is now the default.
diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi
index b6368cf0517..fe6464ae6b6 100644
--- a/doc/misc/auth.texi
+++ b/doc/misc/auth.texi
@@ -227,7 +227,135 @@ necessary if you have an unusual (see earlier comment on those) setup.
 @node Secret Service API
 @chapter Secret Service API
-TODO: how does it work generally, how does secrets.el work, some examples.
+The @dfn{Secret Service API} is a standard from
+@uref{http://www.freedesktop.org/wiki/Specifications/secret-storage-spec,,freedesktop.org}
+to securely store passwords and other confidential information.
+Implementations of compliant daemons are the GNOME Keyring and the KDE
+Wallet.
+Although the usage of the client library secrets.el is hidden in Emacs
+via the auth-source library, its functionality can be used also
+directly in other packages.
+@defvar secrets-enabled
+After loading @file{secrets.el}, a non-@code{nil} value of this
+variable indicates the existence of a daemon providing the Secret
+Service API.
+@end defvar
+@deffn Command secrets-show-secrets
+All collections, items, and their attributes are inspected by this command.
+@end deffn
+The atomic objects to be managed by the Secret Service API are
+@dfn{secret items}, which are something an application wishes to store
+securely.  A good example is a password that an application needs to
+save and use at a later date.
+Secret items are grouped in @dfn{collections}.  A collection is
+similar in concept to the terms @samp{keyring} or @samp{wallet}.  A
+common collection is called @samp{"login"}.  A collection is stored
+permanently under the user's permissions, and can be accessed in a
+user session context.
+A collection can have an alias name.  The use case for this is to
+set the alias @samp{"default"} for a given collection, making it
+transparent for clients, which collection is used.  Other aliases
+are not supported (yet).  Since an alias is visible to all
+applications, this setting shall be performed with care.
+@defun secrets-list-collections
+This function returns a list of collection names.
+@end defun
+@defun secrets-set-alias collection alias
+Set @var{alias} as alias of collection labeled @var{collection}.
+For the time being, only the alias @samp{"default"} is supported.
+@end defun
+@defun secrets-get-alias alias
+Return the collection name @var{alias} is referencing to.
+For the time being, only the alias @samp{"default"} is supported.
+@end defun
+Collections can be created and deleted by the functions
+@code{secrets-create-collection} and @code{secrets-delete-collection}.
+Usually, this is not applied from within Emacs.  Common collections,
+like @samp{"login"}, shall never be deleted.
+There exists a special collection called @samp{"session"}, which has
+the lifetime of the corresponding client session (aka Emacs's
+lifetime).  It is created automatically when Emacs uses the Secret
+Service interface, and it is deleted when Emacs is killed.  Therefore,
+it can be used to store and retrieve secret items temporarily.  This
+shall be preferred over creation of a persistent collection, when the
+information shall not live longer than Emacs.  The session collection
+can be addressed either by the string @samp{"session"}, or by
+@code{nil}, whenever a collection parameter is needed in the following
+functions.
+As already said, a collection is a group of secret items.  A secret
+item has a label, the @dfn{secret} (which is a string), and a set of
+lookup attributes.  The attributes can be used to search and retrieve
+a secret item at a later date.
+@defun secrets-list-items collection
+Returns a list of all item labels of @var{collection}.
+@end defun
+@defun secrets-create-item collection item password &rest attributes
+This function creates a new item in @var{collection} with label
+@var{item} and password @var{PASSWORD}.  @var{attributes} are
+key-value pairs set for the created item.  The keys are keyword
+symbols, starting with a colon.  Example:
+@example
+(secrets-create-item "session" "my item" "geheim"
+ :method "sudo" :user "joe" :host "remote-host")
+@end example
+@end defun
+@defun secrets-get-secret collection item
+Return the secret of item labeled @var{item} in @var{collection}.
+If there is no such item, return @code{nil}.
+@end defun
+@defun secrets-delete-item collection item
+This function deletes item @var{item} in @var{collection}.
+@end defun
+The lookup attributes, which are specified during creation of a
+secret item, must be a key-value pair.  Keys are keyword symbols,
+starting with a colon; values are strings.  They can be retrieved
+from a given secret item, and they can be used for searching of items.
+@defun secrets-get-attribute collection item attribute
+Returns the value of key @var{attribute} of item labeled @var{item} in
+@var{collection}.  If there is no such item, or the item doesn't own
+this key, the function returns @code{nil}.
+@end defun
+@defun secrets-get-attributes collection item
+Return the lookup attributes of item labeled @var{item} in
+@var{collection}.  If there is no such item, or the item has no
+attributes, it returns @code{nil}.  Example:
+@example
+(secrets-get-attributes "session" "my item")
+     @result{} ((:user . "joe") (:host ."remote-host"))
+@end example
+@end defun
+@defun secrets-search-items collection &rest attributes
+Searchs items in @var{collection} with @var{attributes}.
+@var{attributes} are key-value pairs, as used in
+@code{secrets-create-item}.  Example:
+@example
+(secrets-search-items "session" :user "joe")
+     @result{} ("my item" "another item")
+@end example
+@end defun
 @node Help for developers
 @chapter Help for developers
author	Michael Albinus	2012-04-04 17:28:57 +0200
committer	Michael Albinus	2012-04-04 17:28:57 +0200
commit	0317dd510d318698cc4cc982b002fb79a70b5bc9 (patch)
tree	4245e1e5d3b088ec31c5442a8ba2139e05dd4b14
parent	245d176baccb64765ec2f1726f39b927c95a3e16 (diff)
download	emacs-0317dd510d318698cc4cc982b002fb79a70b5bc9.tar.gz emacs-0317dd510d318698cc4cc982b002fb79a70b5bc9.zip

diff --git a/doc/misc/ChangeLog b/doc/misc/ChangeLog index b7b981d8653..45f6c9455df 100644 --- a/doc/misc/ChangeLog +++ b/doc/misc/ChangeLog
@@ -1,3 +1,7 @@
		1	2012-04-04 Michael Albinus <michael.albinus@gmx.de>
		2
		3	* auth.texi (Secret Service API): Add the missing text.
		4
1	2012-04-04 Chong Yidong <cyd@gnu.org>	5	2012-04-04 Chong Yidong <cyd@gnu.org>
2		6
3	* message.texi (Using PGP/MIME): Note that epg is now the default.	7	* message.texi (Using PGP/MIME): Note that epg is now the default.


diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index b6368cf0517..fe6464ae6b6 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi
@@ -227,7 +227,135 @@ necessary if you have an unusual (see earlier comment on those) setup.
227	@node Secret Service API	227	@node Secret Service API
228	@chapter Secret Service API	228	@chapter Secret Service API
229		229
230	TODO: how does it work generally, how does secrets.el work, some examples.	230	The @dfn{Secret Service API} is a standard from
		231	@uref{http://www.freedesktop.org/wiki/Specifications/secret-storage-spec,,freedesktop.org}
		232	to securely store passwords and other confidential information.
		233	Implementations of compliant daemons are the GNOME Keyring and the KDE
		234	Wallet.
		235
		236	Although the usage of the client library secrets.el is hidden in Emacs
		237	via the auth-source library, its functionality can be used also
		238	directly in other packages.
		239
		240	@defvar secrets-enabled
		241	After loading @file{secrets.el}, a non-@code{nil} value of this
		242	variable indicates the existence of a daemon providing the Secret
		243	Service API.
		244	@end defvar
		245
		246	@deffn Command secrets-show-secrets
		247	All collections, items, and their attributes are inspected by this command.
		248	@end deffn
		249
		250	The atomic objects to be managed by the Secret Service API are
		251	@dfn{secret items}, which are something an application wishes to store
		252	securely. A good example is a password that an application needs to
		253	save and use at a later date.
		254
		255	Secret items are grouped in @dfn{collections}. A collection is
		256	similar in concept to the terms @samp{keyring} or @samp{wallet}. A
		257	common collection is called @samp{"login"}. A collection is stored
		258	permanently under the user's permissions, and can be accessed in a
		259	user session context.
		260
		261	A collection can have an alias name. The use case for this is to
		262	set the alias @samp{"default"} for a given collection, making it
		263	transparent for clients, which collection is used. Other aliases
		264	are not supported (yet). Since an alias is visible to all
		265	applications, this setting shall be performed with care.
		266
		267	@defun secrets-list-collections
		268	This function returns a list of collection names.
		269	@end defun
		270
		271	@defun secrets-set-alias collection alias
		272	Set @var{alias} as alias of collection labeled @var{collection}.
		273	For the time being, only the alias @samp{"default"} is supported.
		274	@end defun
		275
		276	@defun secrets-get-alias alias
		277	Return the collection name @var{alias} is referencing to.
		278	For the time being, only the alias @samp{"default"} is supported.
		279	@end defun
		280
		281	Collections can be created and deleted by the functions
		282	@code{secrets-create-collection} and @code{secrets-delete-collection}.
		283	Usually, this is not applied from within Emacs. Common collections,
		284	like @samp{"login"}, shall never be deleted.
		285
		286	There exists a special collection called @samp{"session"}, which has
		287	the lifetime of the corresponding client session (aka Emacs's
		288	lifetime). It is created automatically when Emacs uses the Secret
		289	Service interface, and it is deleted when Emacs is killed. Therefore,
		290	it can be used to store and retrieve secret items temporarily. This
		291	shall be preferred over creation of a persistent collection, when the
		292	information shall not live longer than Emacs. The session collection
		293	can be addressed either by the string @samp{"session"}, or by
		294	@code{nil}, whenever a collection parameter is needed in the following
		295	functions.
		296
		297	As already said, a collection is a group of secret items. A secret
		298	item has a label, the @dfn{secret} (which is a string), and a set of
		299	lookup attributes. The attributes can be used to search and retrieve
		300	a secret item at a later date.
		301
		302	@defun secrets-list-items collection
		303	Returns a list of all item labels of @var{collection}.
		304	@end defun
		305
		306	@defun secrets-create-item collection item password &rest attributes
		307	This function creates a new item in @var{collection} with label
		308	@var{item} and password @var{PASSWORD}. @var{attributes} are
		309	key-value pairs set for the created item. The keys are keyword
		310	symbols, starting with a colon. Example:
		311
		312	@example
		313	(secrets-create-item "session" "my item" "geheim"
		314	:method "sudo" :user "joe" :host "remote-host")
		315	@end example
		316	@end defun
		317
		318	@defun secrets-get-secret collection item
		319	Return the secret of item labeled @var{item} in @var{collection}.
		320	If there is no such item, return @code{nil}.
		321	@end defun
		322
		323	@defun secrets-delete-item collection item
		324	This function deletes item @var{item} in @var{collection}.
		325	@end defun
		326
		327	The lookup attributes, which are specified during creation of a
		328	secret item, must be a key-value pair. Keys are keyword symbols,
		329	starting with a colon; values are strings. They can be retrieved
		330	from a given secret item, and they can be used for searching of items.
		331
		332	@defun secrets-get-attribute collection item attribute
		333	Returns the value of key @var{attribute} of item labeled @var{item} in
		334	@var{collection}. If there is no such item, or the item doesn't own
		335	this key, the function returns @code{nil}.
		336	@end defun
		337
		338	@defun secrets-get-attributes collection item
		339	Return the lookup attributes of item labeled @var{item} in
		340	@var{collection}. If there is no such item, or the item has no
		341	attributes, it returns @code{nil}. Example:
		342
		343	@example
		344	(secrets-get-attributes "session" "my item")
		345	@result{} ((:user . "joe") (:host ."remote-host"))
		346	@end example
		347	@end defun
		348
		349	@defun secrets-search-items collection &rest attributes
		350	Searchs items in @var{collection} with @var{attributes}.
		351	@var{attributes} are key-value pairs, as used in
		352	@code{secrets-create-item}. Example:
		353
		354	@example
		355	(secrets-search-items "session" :user "joe")
		356	@result{} ("my item" "another item")
		357	@end example
		358	@end defun
231		359
232	@node Help for developers	360	@node Help for developers
233	@chapter Help for developers	361	@chapter Help for developers