This release integrates a few important bug fixes (thanks @vermiculus, @unkcpz) that have come in since the release of v3.6.2, and is the last release expected for the v3 series. The release of v4 is expected in about a month, and it will bring significant changes:

• the cross-platform API will become its own crate: keyring-core.
• each credential store will become its own store.
• this crate will become an example of how to write a keyring-based application.

PLEASE NOTE: with this release, the main branch has changed significantly. What was on the main branch has moved to be a v4 branch, and the main branch was reverted to v3.6.2 and then had bug fix commits added on. If you have an existing fork of this repository, you should immediately sync your repo by choosing the "discard commits" option, which will take your repo back to v3.6.2 and then pull the newer commits. Then, if you have development work on one of your other branches, you should rebase that work onto the updated main.

This release has been tested on macOS, iOS, Windows, Linux, and FreeBSD 14.2 (getting Rust 1.85 from ports).

See the README for porting information.

Please try it and provide feedback via issues.

If you want to use the linux-keyutils credential store, you will find it in the "keystore" branch of this fork of keyutils (be sure to specify the "keystore" feature when building it). For example:

linux-keyutils = { git = "https://github.com/brotskydotcom/linux-keyutils.git", branch = "keystore", features = ["keystore"] }

If you want to use the async-secret-service credential store, you will find it in the "keystore" branch of this fork of secret-service (be sure to specify the "keystore" feature when building it). For example:

secret-service = { git = "https://github.com/brotskydotcom/secret-service-rs.git", branch = "keystore", features = ["keystore", "rt-tokio-crypto-rust"] }

For each of linux-keyutils and secret-service, see the crate's "keystore" module for how to make it your default keystore. These keystores can both be used whether or not you suppress the default features in your build of this crate.

The first beta release wouldn't build if you disabled default features. This one does! Many thanks to @noib3 for quickly pulling the beta, trying it, and noticing this issue!

Here are the release notes for beta.1:

This release is ready for clients and client developers to try integrating. The functionality is stable and the feature set is stable. See the README for porting information.

Please try it and provide feedback via issues.

If you want to use the linux-keyutils credential store, you will find it in the "keystore" branch of my fork of keyutils (be sure to specify the "keystore" feature when building it):

linux-keyutils = { git = "https://github.com/brotskydotcom/linux-keyutils.git", branch = "keystore", features = ["keystore"] }

If you want to use the async-secret-service credential store, you will find it in the "keystore" branch of my fork of secret-service (be sure to specify the "keystore" feature when building it):

secret-service = { git = "https://github.com/brotskydotcom/secret-service-rs.git", branch = "keystore", features = ["keystore"] }

This release is ready for clients and client developers to try integrating. The functionality is stable and the feature set is stable. See the README for porting information.

Please try it and provide feedback via issues.

If you want to use the linux-keyutils credential store, you will find it in the "keystore" branch of my fork of keyutils (be sure to specify the "keystore" feature when building it):

linux-keyutils = { git = "https://github.com/brotskydotcom/linux-keyutils.git", branch = "keystore", features = ["keystore"] }

If you want to use the async-secret-service credential store, you will find it in the "keystore" branch of my fork of secret-service (be sure to specify the "keystore" feature when building it):

secret-service = { git = "https://github.com/brotskydotcom/secret-service-rs.git", branch = "keystore", features = ["keystore"] }

Keyring v4 is a return to its roots - lightweight, minimal, cross-platform - with the extensibility of v2 and v3 preserved for specialized use cases.

For built-in credential store implementations, we're back to using the macOS Keychain Services, the Windows Credential Manager, and the *nix Secret Service (e.g., the Gnome keyring or KDE Wallet). The default features now enable all three (one per platform), but if you suppress the default feature set you can pick and choose by specifying specific features (or none, if you are bringing your own credential store instead).

We are back to using only one implementation of the Secret Service, and it's fully synchronous (so no async runtime included).

The mock credential store remains for testing purposes, but it is never selected as the "default" credential store.

Support for using the linux keyutils as a credential store is being moved out to the linux-keyutils crate.

Support for using both the keyutils and the Secret Service together is also being moved out to a separate crate.

Users who have been with keyring from v2 or v3, and who didn't use keyutils, should be able to upgrade to this version simply by removing all their feature specifications; no code changes will be needed.

Thanks to @unkcpz, this release fully documents all the platform-specific modules in each platform on docs.rs.

The dev dependencies (used for testing) have been switched from using rand to using the lighter-weight module fastrand.

There are no functional code changes in this release, only test changes.

Two of the dependencies (openssl and whoami) were discovered to have vulnerabilities which were fixed in minor or patch releases. This crate has been updated to insist that the minor/patch release number of these dependencies is high enough to ensure use of a patched version.

There is no reason to think that the vulnerabilities in these dependencies could have been exercised through this crate. In addition, builds of clients done after the dependencies were patched would have already picked up the non-vulnerable versions. So this change is simply to ensure that future builds cannot use the vulnerable versions.

There are no code changes in this release.

This release contains a new credential store for Linux: a combination of keyutils (for use by headless processes) and secret service (for persistence of credentials beyond reboot). Thanks very much to @soywod for the contribution!

• Add debug logging of internal operations (thanks to @soywod).
• Revert iOS security-framework dependency to v2 (see #225).

As pointed out in #214, it is possible to use both the secret-service and the keyutils credential stores at the same time, so this should be an allowed combination of specified features. This release allows that combination, selecting the secret-service as the default keystore but also loading the keyutils keystore.