Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keytar in Electron creates persistent keys in the Windows credential store #301

Open
Young-Lord opened this issue Apr 14, 2023 · 1 comment
Open

keytar in Electron creates persistent keys in the Windows credential store #301

Young-Lord opened this issue Apr 14, 2023 · 1 comment
Labels
👀 upstream ✨ enhancement

Comments

@Young-Lord
Copy link

Related app: Element
As mentioned in document, Element uses keytar to save database passwords in user machine.
These keys include some sensitive information (username & homeserver). They can be listed by cmdkey /list as picture below. They won't be clear after quitting deleting the app.
output of cmdkey /list, showing string target=element.io
@crazy-max
Copy link
Member

crazy-max commented Jul 3, 2023
edited

Hum right that's sad. Don't think Electron supports some kind of sandboxed credential store. Maybe we can add a specific label to an item being set in the credential store, encrypt it on disk (in portapp folder) when the portapp is closed and remove it by matching the created label.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
👀 upstream ✨ enhancement
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crazy-max @Young-Lord