Skip to content

feat: Store server token in Keychain#105

Merged
iret77 merged 2 commits into
mainfrom
feat/keychain-storage
Apr 26, 2026
Merged

feat: Store server token in Keychain#105
iret77 merged 2 commits into
mainfrom
feat/keychain-storage

Conversation

@iret77

@iret77 iret77 commented Apr 26, 2026

Copy link
Copy Markdown
Owner

Summary

This implements Issue #42 to enhance security by storing the sensitive server token in the macOS Keychain instead of the insecure UserDefaults.

Changes:

  1. Add Dependency: Adds the KeychainAccess library via Swift Package Manager to handle all Keychain operations.
  2. Refactor Storage Logic: Replaces all UserDefaults get/set operations for the server token with calls to KeychainAccess. The token is now stored securely, scoped to the app's service identifier.
  3. Implement Migration: A transparent migration path is included. On launch, the app checks for a token in the old UserDefaults location. If found, it is moved to the Keychain, and the entry in UserDefaults is deleted. This ensures existing users do not need to re-pair.
  4. Add Entitlement: The ClawsyMac.entitlements file has been updated with the "Keychain Sharing" capability to ensure the app has the necessary permissions.

This resolves a high-priority security issue.

@iret77 iret77 merged commit 8be834a into main Apr 26, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant