.github/workflows/main.yml

@@ -6,35 +6,17 @@ permissions:
   contents: read
 
 env:
-  # Environment variables to support color support (jaraco/skeleton#66):
-  # Request colored output from CLI tools supporting it. Different tools
-  # interpret the value differently. For some, just being set is sufficient.
-  # For others, it must be a non-zero integer. For yet others, being set
-  # to a non-empty value is sufficient. For tox, it must be one of
-  # <blank>, 0, 1, false, no, off, on, true, yes. The only enabling value
-  # in common is "1".
+  # Environment variable to support color support (jaraco/skeleton#66)
   FORCE_COLOR: 1
-  # MyPy's color enforcement (must be a non-zero number)
-  MYPY_FORCE_COLOR: -42
-  # Recognized by the `py` package, dependency of `pytest` (must be "1")
-  PY_COLORS: 1
-  # Make tox-wrapped tools see color requests
-  TOX_TESTENV_PASSENV: >-
-    FORCE_COLOR
-    MYPY_FORCE_COLOR
-    NO_COLOR
-    PY_COLORS
-    PYTEST_THEME
-    PYTEST_THEME_MODE
 
   # Suppress noisy pip warnings
   PIP_DISABLE_PIP_VERSION_CHECK: 'true'
   PIP_NO_PYTHON_VERSION_WARNING: 'true'
   PIP_NO_WARN_SCRIPT_LOCATION: 'true'
 
-  # Disable the spinner, noise in GHA; TODO(webknjaz): Fix this upstream
-  # Must be "1".
-  TOX_PARALLEL_NO_SPINNER: 1
+  # Ensure tests can sense settings about the environment
+  TOX_OVERRIDE: >-
+    testenv.pass_env+=GITHUB_*,FORCE_COLOR
 
 
 jobs:
@@ -68,9 +50,27 @@ jobs:
       - name: Install tox
         run: |
           python -m pip install tox
-      - name: Run tests
+      - name: Run
         run: tox
 
+  diffcov:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.x
+      - name: Install tox
+        run: |
+          python -m pip install tox
+      - name: Evaluate coverage
+        run: tox
+        env:
+          TOXENV: diffcov
+
   docs:
     runs-on: ubuntu-latest
     env:
@@ -82,7 +82,7 @@ jobs:
       - name: Install tox
         run: |
           python -m pip install tox
-      - name: Run tests
+      - name: Run
         run: tox
 
   check:  # This job does nothing and is only used for the branch protection
@@ -113,11 +113,11 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11-dev
+          python-version: 3.x
       - name: Install tox
         run: |
           python -m pip install tox
-      - name: Release
+      - name: Run
         run: tox -e release
         env:
           TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}

NEWS.rst

@@ -1,3 +1,12 @@
+v24.3.0
+=======
+
+Features
+--------
+
+- Added bash completion support. (#643)
+
+
 v24.2.0
 =======
 
@@ -7,6 +16,9 @@ Features
 - Require Python 3.8 or later.
 
 
+v24.1.1
+=======
+
 Bugfixes
 --------
 
@@ -413,7 +425,7 @@ v19.3.0
   of ``PasswordSetError`` or ``KeyringError``. Any API users
   may need to account for this change, probably by catching
   the parent ``KeyringError``.
-  Additionally, the error message from the underying error is
+  Additionally, the error message from the underlying error is
   now included in any errors that occur.
 
 17.1.1

README.rst

@@ -185,14 +185,18 @@ use cases. Simply install them to make them available:
 - `gsheet-keyring <https://pypi.org/project/gsheet-keyring>`_
   - a backend that stores secrets in a Google Sheet. For use with
   `ipython-secrets <https://pypi.org/project/ipython-secrets>`_.
-- `bitwarden-keyring <https://pypi.org/project/bitwarden-keyring/0.1.0/>`_
+- `bitwarden-keyring <https://pypi.org/project/bitwarden-keyring/>`_
   - a backend that stores secrets in the `BitWarden <https://bitwarden.com/>`_
   password manager.
+- `onepassword-keyring <https://pypi.org/project/onepassword-keyring/>`_
+  - a backend that stores secrets in the `1Password <https://1password.com/>`_ password manager.
 - `sagecipher <https://pypi.org/project/sagecipher>`_ - an encryption
   backend which uses the ssh agent protocol's signature operation to
   derive the cipher key.
 - `keyrings.osx_keychain_keys <https://pypi.org/project/keyrings.osx-keychain-keys>`_
   - OSX keychain key-management, for private, public, and symmetric keys.
+- `keyring_pass.PasswordStoreBackend <https://github.com/nazarewk/keyring_pass>`_
+   - Password Store (pass) backend for python's keyring 
 
 
 Write your own keyring backend
@@ -423,22 +427,6 @@ welcomes contributors.
 * Bug Tracker: https://github.com/jaraco/keyring/issues/
 * Mailing list: http://groups.google.com/group/python-keyring
 
-For Enterprise
-==============
-
-Available as part of the Tidelift Subscription.
-
-This project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.
-
-`Learn more <https://tidelift.com/subscription/pkg/pypi-keyring?utm_source=pypi-keyring&utm_medium=referral&utm_campaign=github>`_.
-
-Security Contact
-================
-
-To report a security vulnerability, please use the
-`Tidelift security contact <https://tidelift.com/security>`_.
-Tidelift will coordinate the fix and disclosure.
-
 Security Considerations
 =======================
 
@@ -496,3 +484,12 @@ mentored Kang on this project.
 
 .. _this post: http://tarekziade.wordpress.com/2009/03/27/pycon-hallway-session-1-a-keyring-library-for-python/
 .. _Google Summer of Code: http://socghop.appspot.com/
+
+For Enterprise
+==============
+
+Available as part of the Tidelift Subscription.
+
+This project and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.
+
+`Learn more <https://tidelift.com/subscription/pkg/pypi-keyring?utm_source=pypi-keyring&utm_medium=referral&utm_campaign=github>`_.

SECURITY.md

@@ -0,0 +1,3 @@
+# Security Contact
+
+To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.

docs/index.rst

@@ -1,6 +1,10 @@
 Welcome to |project| documentation!
 ===================================
 
+.. sidebar-links::
+   :home:
+   :pypi:
+
 .. include:: ../README.rst
 
 .. toctree::

keyring/backend_complete.bash

@@ -0,0 +1,14 @@
+# Complete keyring backends for `keyring -b` from `keyring --list-backends`
+# # keyring -b <TAB>
+# keyring.backends.chainer.ChainerBackend keyring.backends.fail.Keyring ...
+
+_keyring_backends() {
+	local choices
+	choices=$(
+		"${COMP_WORDS[0]}" --list-backends 2>/dev/null |
+			while IFS=$' \t' read -r backend rest; do
+				printf "%s\n" "$backend"
+			done
+	)
+	compgen -W "${choices[*]}" -- "$1"
+}

keyring/backends/Windows.py

@@ -54,7 +54,7 @@ def value(self):
         except UnicodeDecodeError:
             decoded_cred_utf8 = cred.decode('utf-8')
             log.warning(
-                "Retrieved an UTF-8 encoded credential. Please be aware that "
+                "Retrieved a UTF-8 encoded credential. Please be aware that "
                 "this library only writes credentials in UTF-16."
             )
             return decoded_cred_utf8

keyring/backends/macOS/api.py

@@ -110,7 +110,7 @@ def raise_for_status(cls, status):
             raise SecAuthFailure(
                 status,
                 "Security Auth Failure: make sure "
-                "python is signed with codesign util",
+                "executable is signed with codesign util",
             )
         raise cls(status, "Unknown Error")
 

keyring/completion.py

@@ -36,11 +36,15 @@ def get_action(parser, option):
 
 def install_completion(parser):
     preamble = dict(
+        bash=files(__package__).joinpath('backend_complete.bash').read_text(),
         zsh=files(__package__).joinpath('backend_complete.zsh').read_text(),
     )
     shtab.add_argument_to(parser, preamble=preamble)
-    get_action(parser, '--keyring-path').completion = shtab.DIR
-    get_action(parser, '--keyring-backend').completion = dict(zsh='backend_complete')
+    get_action(parser, '--keyring-path').complete = shtab.DIR
+    get_action(parser, '--keyring-backend').complete = dict(
+        bash='_keyring_backends',
+        zsh='backend_complete',
+    )
     return parser
 
 

keyring/core.py

@@ -99,7 +99,7 @@ def _detect_backend(limit: typing.Optional[LimitCallable] = None):
         or load_config()
         or max(
             # all keyrings passing the limit filter
-            filter(limit, backend.get_all_keyring()),
+            filter(limit, backend.get_all_keyring()),  # type: ignore  # 659
             default=fail.Keyring(),
             key=backend.by_priority,
         )

pyproject.toml

@@ -6,15 +6,3 @@ build-backend = "setuptools.build_meta"
 skip-string-normalization = true
 
 [tool.setuptools_scm]
-
-[tool.pytest-enabler.black]
-addopts = "--black"
-
-[tool.pytest-enabler.mypy]
-addopts = "--mypy"
-
-[tool.pytest-enabler.cov]
-addopts = "--cov"
-
-[tool.pytest-enabler.ruff]
-addopts = "--ruff"

setup.cfg

@@ -45,15 +45,17 @@ testing =
 	pytest-mypy >= 0.9.1; \
 		# workaround for jaraco/skeleton#22
 		python_implementation != "PyPy"
-	pytest-enabler >= 1.3
+	pytest-enabler >= 2.2
 	pytest-ruff
 
 	# local
 
 docs =
 	# upstream
 	sphinx >= 3.5
-	jaraco.packaging >= 9
+	# workaround for sphinx/sphinx-doc#11662
+	sphinx < 7.2.5
+	jaraco.packaging >= 9.3
 	rst.linker >= 1.9
 	furo
 	sphinx-lint
@@ -64,7 +66,7 @@ docs =
 	# local
 
 completion =
-	shtab
+	shtab >= 1.1.0
 
 [options.entry_points]
 console_scripts =

tests/test_core.py

@@ -1,7 +1,15 @@
+import textwrap
+
+import pytest
+
 import keyring.core
-from unittest.mock import patch
-import pathlib
-import tempfile
+
+
+@pytest.fixture
+def config_path(tmp_path, monkeypatch):
+    path = tmp_path / 'keyringrc.cfg'
+    monkeypatch.setattr(keyring.core, '_config_path', lambda: path)
+    return path
 
 
 def test_init_recommended(monkeypatch):
@@ -12,27 +20,20 @@ def test_init_recommended(monkeypatch):
     keyring.core.init_backend(keyring.core.recommended)
 
 
-def test_load_config_missing(caplog):
-    with tempfile.TemporaryDirectory() as tmpdirname:
-        path = pathlib.Path(tmpdirname) / "keyringrc.cfg"
-        with patch.object(
-            keyring.core, '_config_path', return_value=path
-        ) as config_path_mock:
-            assert keyring.core.load_config() is None
-            assert not caplog.records
+def test_load_config_missing(caplog, config_path):
+    assert keyring.core.load_config() is None
+    assert not caplog.records
 
-        config_path_mock.assert_called_once()
 
+fail_config = textwrap.dedent(
+    """
+    [backend]
+    default-keyring = keyring.backends.fail.Keyring
+    """
+).lstrip()
 
-def test_load_config_exists(caplog):
-    with tempfile.TemporaryDirectory() as tmpdirname:
-        path = pathlib.Path(tmpdirname) / "keyringrc.cfg"
-        with open(path, "w", encoding='UTF-8') as file:
-            file.write('[backend]\ndefault-keyring=keyring.backends.fail.Keyring\n')
-        with patch.object(
-            keyring.core, '_config_path', return_value=path
-        ) as config_path_mock:
-            assert keyring.core.load_config() is not None
-            assert not caplog.records
 
-        config_path_mock.assert_called_once()
+def test_load_config_extant(caplog, config_path):
+    config_path.write_text(fail_config, encoding='utf-8')
+    assert keyring.core.load_config() is not None
+    assert not caplog.records

tox.ini

@@ -1,8 +1,5 @@
-[tox]
-toxworkdir={env:TOX_WORK_DIR:.tox}
-
-
 [testenv]
+description = perform primary checks (tests, style, types, coverage)
 deps =
 setenv =
 	PYTHONWARNDEFAULTENCODING = 1
@@ -12,32 +9,46 @@ usedevelop = True
 extras =
 	testing
 
+[testenv:diffcov]
+description = run tests and check that diff from main is covered
+deps =
+	diff-cover
+commands =
+	pytest {posargs} --cov-report xml
+	diff-cover coverage.xml --compare-branch=origin/main --html-report diffcov.html
+	diff-cover coverage.xml --compare-branch=origin/main --fail-under=100
+
 [testenv:docs]
+description = build the documentation
 extras =
 	docs
 	testing
 changedir = docs
 commands =
 	python -m sphinx -W --keep-going . {toxinidir}/build/html
-	python -m sphinxlint
+	python -m sphinxlint \
+		# workaround for sphinx-contrib/sphinx-lint#83
+		--jobs 1
 
 [testenv:finalize]
+description = assemble changelog and tag a release
 skip_install = True
 deps =
 	towncrier
 	jaraco.develop >= 7.23
-passenv = *
+pass_env = *
 commands =
 	python -m jaraco.develop.finalize
 
 
 [testenv:release]
+description = publish the package to PyPI and GitHub
 skip_install = True
 deps =
 	build
 	twine>=3
 	jaraco.develop>=7.1
-passenv =
+pass_env =
 	TWINE_PASSWORD
 	GITHUB_TOKEN
 setenv =