Using OS specific stores for storing CLI credentials for golang apps

2017-10-30

Go · Keychain · Nativestore · Pass · Wincred

1 minute

This post is to show a simple way of using Docker’s credential helper package to utilize the system’s native credential store as storage for your Golang-based CLI applications’ login credentials. This means Keychain for OSX, wincred for Windows, and pass for Linux. We use pass here since secretservice, although supported, doesn’t work out of the box in headless servers.

Here’s a simple implementation of our Set, Get, and Del functions.

Then we create our _darwin.go, _linux.go, and _windows.go files for OS specific implementations.

Here’s a quickstart guide to setup pass in Ubuntu systems.

# install pass
$ sudo apt-get install pass

# generate your own key using gpg2, do not use a passphrase
$ gpg2 --gen-key

# if the cmd seems stuck due to lack of entropy, you can open another window and run the ff cmd:
# dd if=/dev/sda of=/dev/zero

# list your keys
$ gpg2 --list-keys
/home/user/.gnupg/pubring.kbx
------------------------------
pub   rsa2048/5486B0F6 2017-09-22 [SC]
uid         [ultimate] IamGroot <iamgroot@domain.com>
sub   rsa2048/CDC4C430 2017-09-22 [E]

# initialize pass (use the pub key id)
$ pass init 5486B0F6

Here’s an example on how to use our nativestore functions.

Finally, you can refer to the whole package here.