auth.texi (Secret Service API): Edit further and give examples.

author: Teodor Zlatanov 2012-04-05 13:55:55 +0000
committer: Katsumi Yamaoka 2012-04-05 13:55:55 +0000
commit: ca2c89b638e8a3f04bab427262b83d616b2ccba1 (patch)
tree: b400488c813160171e63a85547859ebd9dc1393a
parent: 0a0a3573ec4454519ebfaf33f1742003a0b8a5a0 (diff)
download: emacs-ca2c89b638e8a3f04bab427262b83d616b2ccba1.tar.gz
emacs-ca2c89b638e8a3f04bab427262b83d616b2ccba1.zip
2 files changed, 68 insertions, 46 deletions
diff --git a/doc/misc/ChangeLog b/doc/misc/ChangeLog
index 525b03e929d..f6260ecc4ab 100644
--- a/doc/misc/ChangeLog
+++ b/doc/misc/ChangeLog
@@ -1,3 +1,7 @@
+2012-04-05  Teodor Zlatanov  <tzz@lifelogs.com>
+        * auth.texi (Secret Service API): Edit further and give examples.
 2012-04-04  Glenn Morris  <rgm@gnu.org>
        * auth.texi (Secret Service API): Copyedits.
diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi
index 83975659405..bb413ad138b 100644
--- a/doc/misc/auth.texi
+++ b/doc/misc/auth.texi
@@ -229,13 +229,14 @@ necessary if you have an unusual (see earlier comment on those) setup.
 The @dfn{Secret Service API} is a standard from
 @uref{http://www.freedesktop.org/wiki/Specifications/secret-storage-spec,,freedesktop.org}
-to securely store passwords and other confidential information.
+to securely store passwords and other confidential information.  This
-Implementations of compliant daemons are the GNOME Keyring and the KDE
+API is implemented by system daemons such as the GNOME Keyring and the
-Wallet.
+KDE Wallet (these are GNOME and KDE packages respectively and should
+be available on most modern GNU/Linux systems).
-The auth-source library uses the @file{secrets.el} library as an
+The auth-source library uses the @file{secrets.el} library to connect
-interface to this feature.  You can also use that library in other
+through the Secret Service API.  You can also use that library in
-packages.
+other packages, it's not exclusive to auth-source.
 @defvar secrets-enabled
 After loading @file{secrets.el}, a non-@code{nil} value of this
@@ -244,63 +245,60 @@ Service API.
 @end defvar
 @deffn Command secrets-show-secrets
-This command inspects all collections, items, and their attributes.
+This command shows all collections, items, and their attributes.
 @end deffn
-The atomic objects to be managed by the Secret Service API are
+The atomic objects managed by the Secret Service API are @dfn{secret
-@dfn{secret items}, which are something an application wishes to store
+items}, which contain things an application wishes to store securely,
-securely.  A good example is a password that an application needs to
+like a password.  Secret items have a label (a name), the @dfn{secret}
-save and use at a later date.
+(which is the string we want, like a password), and a set of lookup
+attributes.  The attributes can be used to search and retrieve a
+secret item at a later date.
 Secret items are grouped in @dfn{collections}.  A collection is
-similar in concept to the terms @samp{keyring} or @samp{wallet}.  A
+sometimes called a @samp{keyring} or @samp{wallet} in GNOME Keyring
-common collection is called @samp{"login"}.  A collection is stored
+and KDE Wallet but it's the same thing, a group of secrets.
-permanently under the user's permissions, and can be accessed in a
+Collections are personal and protected so only the owner can open them.
-user session context.
-A collection can have an alias name.  The use case for this is to
+The most common collection is called @samp{login}.
-set the alias @samp{"default"} for a given collection, making it
-transparent to clients as to which collection is used.  Other aliases
+A collection can have an alias.  The alias @samp{default} is
-are not supported (yet).  Since an alias is visible to all
+commonly used so the clients don't have to know the specific name of
-applications, this setting should be performed with care.
+the collection they open.  Other aliases are not supported yet.
+Since aliases are globally accessible, set the @samp{default} alias
+only when you're sure it's appropriate.
 @defun secrets-list-collections
-This function returns a list of collection names.
+This function returns all the collection names as a list.
 @end defun
 @defun secrets-set-alias collection alias
 Set @var{alias} as alias of collection labeled @var{collection}.
-For the time being, only the alias @samp{"default"} is supported.
+Currently only the alias @samp{default} is supported.
 @end defun
 @defun secrets-get-alias alias
 Return the collection name @var{alias} is referencing to.
-For the time being, only the alias @samp{"default"} is supported.
+Currently only the alias @samp{default} is supported.
 @end defun
 Collections can be created and deleted by the functions
 @code{secrets-create-collection} and @code{secrets-delete-collection}.
-Usually, this is not applied from within Emacs.  Common collections,
+Usually, this is not done from within Emacs.  Do not delete standard
-like @samp{"login"}, should never be deleted.
+collections such as @samp{login}.
-There exists a special collection called @samp{"session"}, which has
+The special collection @samp{session} exists for the lifetime of the
-the lifetime of the corresponding client session (aka Emacs's
+corresponding client session (in our case, Emacs's lifetime).  It is
-lifetime).  It is created automatically when Emacs uses the Secret
+created automatically when Emacs uses the Secret Service interface and
-Service interface, and it is deleted when Emacs is killed.  Therefore,
+it is deleted when Emacs is killed.  Therefore, it can be used to
-it can be used to store and retrieve secret items temporarily.  This
+store and retrieve secret items temporarily.  The @samp{session}
-should be preferred over creation of a persistent collection, when the
+collection is better than a persistent collection when the secret
-information should not live longer than Emacs.  The session collection
+items should not live longer than Emacs.  The session collection can
-can be addressed either by the string @samp{"session"}, or by
+be specified either by the string @samp{session}, or by @code{nil},
-@code{nil}, whenever a collection parameter is needed in the following
+whenever a collection parameter is needed in the following functions.
-functions.
-As already said, a collection is a group of secret items.  A secret
-item has a label, the @dfn{secret} (which is a string), and a set of
-lookup attributes.  The attributes can be used to search and retrieve
-a secret item at a later date.
 @defun secrets-list-items collection
-Returns a list of all item labels of @var{collection}.
+Returns all the item labels of @var{collection} as a list.
 @end defun
 @defun secrets-create-item collection item password &rest attributes
@@ -310,6 +308,8 @@ key-value pairs set for the created item.  The keys are keyword
 symbols, starting with a colon.  Example:
 @example
+;;; The session "session", the label is "my item"
+;;; and the secret (password) is "geheim"
 (secrets-create-item "session" "my item" "geheim"
 :method "sudo" :user "joe" :host "remote-host")
 @end example
@@ -327,7 +327,7 @@ This function deletes item @var{item} in @var{collection}.
 The lookup attributes, which are specified during creation of a
 secret item, must be a key-value pair.  Keys are keyword symbols,
 starting with a colon; values are strings.  They can be retrieved
-from a given secret item, and they can be used for searching of items.
+from a given secret item and they can be used for searching of items.
 @defun secrets-get-attribute collection item attribute
 Returns the value of key @var{attribute} of item labeled @var{item} in
@@ -347,9 +347,9 @@ attributes, it returns @code{nil}.  Example:
 @end defun
 @defun secrets-search-items collection &rest attributes
-Search items in @var{collection} with @var{attributes}.
+Search for the items in @var{collection} with matching
-@var{attributes} are key-value pairs, as used in
+@var{attributes}.  The @var{attributes} are key-value pairs, as used
-@code{secrets-create-item}.  Example:
+in @code{secrets-create-item}.  Example:
 @example
 (secrets-search-items "session" :user "joe")
@@ -357,6 +357,24 @@ Search items in @var{collection} with @var{attributes}.
 @end example
 @end defun
+The auth-source library uses the @file{secrets.el} library and thus
+the Secret Service API when you specify a source matching
+@samp{secrets:COLLECTION}.  For instance, you could use
+@samp{secrets:session} to use the @samp{session} collection, open only
+for the lifetime of Emacs.  Or you could use @samp{secrets:Login} to
+open the @samp{Login} collection.  As a special case, you can use the
+symbol @code{default} in @code{auth-sources} (not a string, but a
+symbol) to specify the @samp{default} alias.  Here is a contrived
+example that sets @code{auth-sources} to search three collections and
+then fall back to @file{~/.authinfo.gpg}.
+@example
+(setq auth-sources '(default
+                     "secrets:session"
+                     "secrets:Login"
+                     "~/.authinfo.gpg"))
+@end example
 @node Help for developers
 @chapter Help for developers
author	Teodor Zlatanov	2012-04-05 13:55:55 +0000
committer	Katsumi Yamaoka	2012-04-05 13:55:55 +0000
commit	ca2c89b638e8a3f04bab427262b83d616b2ccba1 (patch)
tree	b400488c813160171e63a85547859ebd9dc1393a
parent	0a0a3573ec4454519ebfaf33f1742003a0b8a5a0 (diff)
download	emacs-ca2c89b638e8a3f04bab427262b83d616b2ccba1.tar.gz emacs-ca2c89b638e8a3f04bab427262b83d616b2ccba1.zip

diff --git a/doc/misc/ChangeLog b/doc/misc/ChangeLog index 525b03e929d..f6260ecc4ab 100644 --- a/doc/misc/ChangeLog +++ b/doc/misc/ChangeLog
@@ -1,3 +1,7 @@
		1	2012-04-05 Teodor Zlatanov <tzz@lifelogs.com>
		2
		3	* auth.texi (Secret Service API): Edit further and give examples.
		4
1	2012-04-04 Glenn Morris <rgm@gnu.org>	5	2012-04-04 Glenn Morris <rgm@gnu.org>
2		6
3	* auth.texi (Secret Service API): Copyedits.	7	* auth.texi (Secret Service API): Copyedits.


diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 83975659405..bb413ad138b 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi
@@ -229,13 +229,14 @@ necessary if you have an unusual (see earlier comment on those) setup.
229		229
230	The @dfn{Secret Service API} is a standard from	230	The @dfn{Secret Service API} is a standard from
231	@uref{http://www.freedesktop.org/wiki/Specifications/secret-storage-spec,,freedesktop.org}	231	@uref{http://www.freedesktop.org/wiki/Specifications/secret-storage-spec,,freedesktop.org}
232	to securely store passwords and other confidential information.	232	to securely store passwords and other confidential information. This
233	Implementations of compliant daemons are the GNOME Keyring and the KDE	233	API is implemented by system daemons such as the GNOME Keyring and the
234	Wallet.	234	KDE Wallet (these are GNOME and KDE packages respectively and should
		235	be available on most modern GNU/Linux systems).
235		236
236	The auth-source library uses the @file{secrets.el} library as an	237	The auth-source library uses the @file{secrets.el} library to connect
237	interface to this feature. You can also use that library in other	238	through the Secret Service API. You can also use that library in
238	packages.	239	other packages, it's not exclusive to auth-source.
239		240
240	@defvar secrets-enabled	241	@defvar secrets-enabled
241	After loading @file{secrets.el}, a non-@code{nil} value of this	242	After loading @file{secrets.el}, a non-@code{nil} value of this
@@ -244,63 +245,60 @@ Service API.
244	@end defvar	245	@end defvar
245		246
246	@deffn Command secrets-show-secrets	247	@deffn Command secrets-show-secrets
247	This command inspects all collections, items, and their attributes.	248	This command shows all collections, items, and their attributes.
248	@end deffn	249	@end deffn
249		250
250	The atomic objects to be managed by the Secret Service API are	251	The atomic objects managed by the Secret Service API are @dfn{secret
251	@dfn{secret items}, which are something an application wishes to store	252	items}, which contain things an application wishes to store securely,
252	securely. A good example is a password that an application needs to	253	like a password. Secret items have a label (a name), the @dfn{secret}
253	save and use at a later date.	254	(which is the string we want, like a password), and a set of lookup
		255	attributes. The attributes can be used to search and retrieve a
		256	secret item at a later date.
254		257
255	Secret items are grouped in @dfn{collections}. A collection is	258	Secret items are grouped in @dfn{collections}. A collection is
256	similar in concept to the terms @samp{keyring} or @samp{wallet}. A	259	sometimes called a @samp{keyring} or @samp{wallet} in GNOME Keyring
257	common collection is called @samp{"login"}. A collection is stored	260	and KDE Wallet but it's the same thing, a group of secrets.
258	permanently under the user's permissions, and can be accessed in a	261	Collections are personal and protected so only the owner can open them.
259	user session context.
260		262
261	A collection can have an alias name. The use case for this is to	263	The most common collection is called @samp{login}.
262	set the alias @samp{"default"} for a given collection, making it	264
263	transparent to clients as to which collection is used. Other aliases	265	A collection can have an alias. The alias @samp{default} is
264	are not supported (yet). Since an alias is visible to all	266	commonly used so the clients don't have to know the specific name of
265	applications, this setting should be performed with care.	267	the collection they open. Other aliases are not supported yet.
		268	Since aliases are globally accessible, set the @samp{default} alias
		269	only when you're sure it's appropriate.
266		270
267	@defun secrets-list-collections	271	@defun secrets-list-collections
268	This function returns a list of collection names.	272	This function returns all the collection names as a list.
269	@end defun	273	@end defun
270		274
271	@defun secrets-set-alias collection alias	275	@defun secrets-set-alias collection alias
272	Set @var{alias} as alias of collection labeled @var{collection}.	276	Set @var{alias} as alias of collection labeled @var{collection}.
273	For the time being, only the alias @samp{"default"} is supported.	277	Currently only the alias @samp{default} is supported.
274	@end defun	278	@end defun
275		279
276	@defun secrets-get-alias alias	280	@defun secrets-get-alias alias
277	Return the collection name @var{alias} is referencing to.	281	Return the collection name @var{alias} is referencing to.
278	For the time being, only the alias @samp{"default"} is supported.	282	Currently only the alias @samp{default} is supported.
279	@end defun	283	@end defun
280		284
281	Collections can be created and deleted by the functions	285	Collections can be created and deleted by the functions
282	@code{secrets-create-collection} and @code{secrets-delete-collection}.	286	@code{secrets-create-collection} and @code{secrets-delete-collection}.
283	Usually, this is not applied from within Emacs. Common collections,	287	Usually, this is not done from within Emacs. Do not delete standard
284	like @samp{"login"}, should never be deleted.	288	collections such as @samp{login}.
285		289
286	There exists a special collection called @samp{"session"}, which has	290	The special collection @samp{session} exists for the lifetime of the
287	the lifetime of the corresponding client session (aka Emacs's	291	corresponding client session (in our case, Emacs's lifetime). It is
288	lifetime). It is created automatically when Emacs uses the Secret	292	created automatically when Emacs uses the Secret Service interface and
289	Service interface, and it is deleted when Emacs is killed. Therefore,	293	it is deleted when Emacs is killed. Therefore, it can be used to
290	it can be used to store and retrieve secret items temporarily. This	294	store and retrieve secret items temporarily. The @samp{session}
291	should be preferred over creation of a persistent collection, when the	295	collection is better than a persistent collection when the secret
292	information should not live longer than Emacs. The session collection	296	items should not live longer than Emacs. The session collection can
293	can be addressed either by the string @samp{"session"}, or by	297	be specified either by the string @samp{session}, or by @code{nil},
294	@code{nil}, whenever a collection parameter is needed in the following	298	whenever a collection parameter is needed in the following functions.
295	functions.
296
297	As already said, a collection is a group of secret items. A secret
298	item has a label, the @dfn{secret} (which is a string), and a set of
299	lookup attributes. The attributes can be used to search and retrieve
300	a secret item at a later date.
301		299
302	@defun secrets-list-items collection	300	@defun secrets-list-items collection
303	Returns a list of all item labels of @var{collection}.	301	Returns all the item labels of @var{collection} as a list.
304	@end defun	302	@end defun
305		303
306	@defun secrets-create-item collection item password &rest attributes	304	@defun secrets-create-item collection item password &rest attributes
@@ -310,6 +308,8 @@ key-value pairs set for the created item. The keys are keyword
310	symbols, starting with a colon. Example:	308	symbols, starting with a colon. Example:
311		309
312	@example	310	@example
		311	;;; The session "session", the label is "my item"
		312	;;; and the secret (password) is "geheim"
313	(secrets-create-item "session" "my item" "geheim"	313	(secrets-create-item "session" "my item" "geheim"
314	:method "sudo" :user "joe" :host "remote-host")	314	:method "sudo" :user "joe" :host "remote-host")
315	@end example	315	@end example
@@ -327,7 +327,7 @@ This function deletes item @var{item} in @var{collection}.
327	The lookup attributes, which are specified during creation of a	327	The lookup attributes, which are specified during creation of a
328	secret item, must be a key-value pair. Keys are keyword symbols,	328	secret item, must be a key-value pair. Keys are keyword symbols,
329	starting with a colon; values are strings. They can be retrieved	329	starting with a colon; values are strings. They can be retrieved
330	from a given secret item, and they can be used for searching of items.	330	from a given secret item and they can be used for searching of items.
331		331
332	@defun secrets-get-attribute collection item attribute	332	@defun secrets-get-attribute collection item attribute
333	Returns the value of key @var{attribute} of item labeled @var{item} in	333	Returns the value of key @var{attribute} of item labeled @var{item} in
@@ -347,9 +347,9 @@ attributes, it returns @code{nil}. Example:
347	@end defun	347	@end defun
348		348
349	@defun secrets-search-items collection &rest attributes	349	@defun secrets-search-items collection &rest attributes
350	Search items in @var{collection} with @var{attributes}.	350	Search for the items in @var{collection} with matching
351	@var{attributes} are key-value pairs, as used in	351	@var{attributes}. The @var{attributes} are key-value pairs, as used
352	@code{secrets-create-item}. Example:	352	in @code{secrets-create-item}. Example:
353		353
354	@example	354	@example
355	(secrets-search-items "session" :user "joe")	355	(secrets-search-items "session" :user "joe")
@@ -357,6 +357,24 @@ Search items in @var{collection} with @var{attributes}.
357	@end example	357	@end example
358	@end defun	358	@end defun
359		359
		360	The auth-source library uses the @file{secrets.el} library and thus
		361	the Secret Service API when you specify a source matching
		362	@samp{secrets:COLLECTION}. For instance, you could use
		363	@samp{secrets:session} to use the @samp{session} collection, open only
		364	for the lifetime of Emacs. Or you could use @samp{secrets:Login} to
		365	open the @samp{Login} collection. As a special case, you can use the
		366	symbol @code{default} in @code{auth-sources} (not a string, but a
		367	symbol) to specify the @samp{default} alias. Here is a contrived
		368	example that sets @code{auth-sources} to search three collections and
		369	then fall back to @file{~/.authinfo.gpg}.
		370
		371	@example
		372	(setq auth-sources '(default
		373	"secrets:session"
		374	"secrets:Login"
		375	"~/.authinfo.gpg"))
		376	@end example
		377
360	@node Help for developers	378	@node Help for developers
361	@chapter Help for developers	379	@chapter Help for developers
362		380