Add macOS Touch ID gates and biometric secret storage #1

Open: nvk wants to merge 1 commit into master from touch-id

nvk (Owner) commented Apr 25, 2026

Summary

Add macOS user-authentication support around secret injection with two complementary paths:

  • touchid-check, a standalone Swift helper for shell-level user authentication on unsigned/Homebrew-style installs
  • envchain --set -b, which stores items with kSecAccessControlUserPresence for properly signed builds

What changed

  • build and install touchid-check on macOS when swiftc is available
  • add biometric save support with entitlement preflight, actionable errors, and restore-on-failure semantics
  • add a Linux stub for --set -b
  • document the signed-build path and the shell-helper path in TOUCHID.md

Notes

  • the helper path is the practical default for unsigned CLI installs
  • biometric Keychain ACL storage requires a properly signed envchain binary

Verification

  • make -B

nvk changed the title from "Add macOS Touch ID gates and biometric secret storage" to "Add macOS Touch ID gates and biometric secret storage (legacy version)" on Apr 25, 2026

nvk force-pushed the master branch 2 times, most recently from f292425 to 5eb8f35, on April 25, 2026 15:59

nvk changed the title from "Add macOS Touch ID gates and biometric secret storage (legacy version)" to "Add macOS Touch ID gates and biometric secret storage" on Apr 25, 2026