v4.0.0-alpha.5: add examples

This release adds two example programs. The first just creates or deletes three credentials with known values so you can see what they look like in the platform native credential GUI. The second does scanning for "leaks" of secret values from the keyring-core and credential stores, to make sure that client supplied or retrieved secrets are not being left in released memory.

What's Changed

• Add the leak-test example by @brotskydotcom in #290

Full Changelog: v4.0.0-alpha.4...v4.0.0-alpha.5

v4.0.0-alpha.4: separate Rust and Python components

This is a cleanup release. The Rust and Python components have been separated, which makes the keyring crate very clean and the Python module a clean client of the keyring crate. It also provides the structure in which a Tauri app can be added.

What's Changed

• Bump pyo3 from 0.27.1 to 0.27.2 by @dependabot[bot] in #283
• Bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #282
• Bump actions/checkout from 4 to 6 by @dependabot[bot] in #281
• Bump actions/download-artifact from 4 to 6 by @dependabot[bot] in #280
• Bump actions/attest-build-provenance from 2 to 3 by @dependabot[bot] in #279
• Bump actions/setup-python from 5 to 6 by @dependabot[bot] in #278
• Bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #287
• Bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #285
• Bump dbus-secret-service-keyring-store from 0.3.0 to 0.3.2 by @dependabot[bot] in #288
• Bump zbus-secret-service-keyring-store from 0.2.0 to 0.2.1 by @dependabot[bot] in #286
• Move to alpha.4 by @brotskydotcom in #289

Full Changelog: v4.0.0-alpha.3...v4.0.0-alpha.4

v4.0.0-alpha.3: better docs and tiny cleanups

This looks like a good candidate for beta. Please try it out.

What's Changed

• v4.0.0-alpha.3: better docs and tiny cleanups by @brotskydotcom in #277

Full Changelog: v4.0.0-alpha.2...v4.0.0-alpha.3

v4.0.0-alpha.2: first pre-release of v4

This release converts this crate to being a sample-code/demonstrator/inventory-of-credential-stores crate. It provides a super-simple Rust CLI and a far-more-useful Python module wrapper over the keyring-core functionality.

This first alpha has full functionality but the documentation is very light.

What's Changed

• Bump actions/checkout from 4 to 5 by @dependabot[bot] in #267
• Subtitute for #261 by @brotskydotcom in #269
• Update windows-sys requirement from 0.60 to 0.61 by @dependabot[bot] in #271
• Bump actions/checkout from 5 to 6 by @dependabot[bot] in #275
• First alpha of v4 by @brotskydotcom in #276

Full Changelog: v3.6.3-republish...v4.0.0-alpha.2

v3.6.3: Likely final release of v3

This release integrates a few important bug fixes (thanks @vermiculus, @unkcpz) that have come in since the release of v3.6.2, and is the last release expected for the v3 series. The release of v4 is expected in about a month, and it will bring significant changes:

• the cross-platform API will become its own crate: keyring-core.
• each credential store will become its own store.
• this crate will become an example of how to write a keyring-based application.

PLEASE NOTE: with this release, the main branch has changed significantly. What was on the main branch has moved to be a v4 branch, and the main branch was reverted to v3.6.2 and then had bug fix commits added on. If you have an existing fork of this repository, you should immediately sync your repo by choosing the "discard commits" option, which will take your repo back to v3.6.2 and then pull the newer commits. Then, if you have development work on one of your other branches, you should rebase that work onto the updated main.

v3.6.2: better docs, lighter-weight tests

Thanks to @unkcpz, this release fully documents all the platform-specific modules in each platform on docs.rs.

The dev dependencies (used for testing) have been switched from using rand to using the lighter-weight module fastrand.

There are no functional code changes in this release, only test changes.

v3.6.1: Update dependencies

Two of the dependencies (openssl and whoami) were discovered to have vulnerabilities which were fixed in minor or patch releases. This crate has been updated to insist that the minor/patch release number of these dependencies is high enough to ensure use of a patched version.

There is no reason to think that the vulnerabilities in these dependencies could have been exercised through this crate. In addition, builds of clients done after the dependencies were patched would have already picked up the non-vulnerable versions. So this change is simply to ensure that future builds cannot use the vulnerable versions.

There are no code changes in this release.

v3.6.0: Add new combination keystore

This release contains a new credential store for Linux: a combination of keyutils (for use by headless processes) and secret service (for persistence of credentials beyond reboot). Thanks very much to @soywod for the contribution!

v3.5.0: Add debug logging of internal operations

• Add debug logging of internal operations (thanks to @soywod).
• Revert iOS security-framework dependency to v2 (see #225).

v3.4.0: allow simultaneous use of secret-service and keyutils

As pointed out in #214, it is possible to use both the secret-service and the keyutils credential stores at the same time, so this should be an allowed combination of specified features. This release allows that combination, selecting the secret-service as the default keystore but also loading the keyutils keystore.