Pass-through to the superclass constructor.
The service string to send to the superclass constructor.
The display name for this credential manager to send to the superclass constructor
Maximum credential length allowed by Windows 7 and newer.
We don't support older versions of Windows where the limit is 512 bytes.
Combined list of services that the plugin will go through
Reference to the lazily loaded keytar module.
Errors that occurred while loading keytar will be stored in here.
Every method of this class should call the checkForKeytar method before proceeding. It is this method that will check for keytar and throw this error if it was detected that keytar wasn't loaded.
The service that the Credential Manager is running under. Imperative will set this to the cliName
The service name for our built-in credential manager.
The default service name for storing credentials.
This function is called before the {@link deletePassword}, {@link getPassword}, and {@link setPassword} functions. It will check if keytar is not null and will throw an error if it is.
The error thrown will be the contents of loadError or a new ImperativeError. The former error will be the most common one as we expect failures during the load since keytar is optional. The latter error will indicate that some unknown condition has happened so we will create a new ImperativeError with the report suppressed. The report is suppressed because it may be possible that a detailed report could capture a username and password, which would probably be a bad thing.
Delete credentials for an account managed by the credential manager.
The account (or profile identifier) associated with credentials
Calls the keytar deletePassword service with {@link DefaultCredentialManager#service} and the account passed to the function by Imperative.
The account for which to delete the password
A promise that the function has completed.
Helper to load credentials from vault that supports values longer than
DefaultCredentialManager.WIN32_CRED_MAX_STRING_LENGTH on Windows.
The string service name.
The string account name.
A promise for the credential string.
Called by CredentialManagerFactory.initialize before the freeze of the object. This gives us a chance to load keytar into the class before we are locked down. If a load failure occurs, we will store the error and throw it once a method of this class tries to execute. This prevents a missing keytar module from stopping all operation of the cli.
In the future, we could go even further to have keytar load into a sub-object of this class so that the load doesn't hold up the main class execution.
A promise that the function has completed.
Load credentials for an account managed by the credential manager.
The account (or profile identifier) associated with credentials
Set to true if failure to find credentials should be ignored
The username and password associated with the account.
Calls the keytar getPassword service with {@link DefaultCredentialManager#service} and the account passed to the function by Imperative.
The account for which to get credentials
Set to true if failure to find credentials should be ignored
A promise containing the credentials stored in keytar.
Save credentials for an account managed by the credential manager.
The account (or profile identifier) associated with credentials
Value to be securely stored
Calls the keytar setPassword service with {@link DefaultCredentialManager#service} and the account and credentials passed to the function by Imperative.
The account to set credentials
The credentials to store
A promise that the function has completed.
Helper to save credentials to vault that supports values longer than
DefaultCredentialManager.WIN32_CRED_MAX_STRING_LENGTH on Windows.
The string service name.
The string account name.
The string credential.
Generated using TypeDoc
Default Credential Manager is our implementation of the Imperative Credential Manager. This manager invokes methods created by the keytar utility (https://www.npmjs.com/package/keytar) to access the secure credential vault on the user's machine.
Keychains Used by Keytar
Keytar must be installed by the app using imperative (like zowe-cli).
On Linux, Keytar will not work out of the box without some additional configuration to install libsecret. Keytar provides the following documentation for Linux users to install libsecret:
Depending on your distribution, you will need to run the following command:
sudo apt-get install libsecret-1-devsudo yum install libsecret-develsudo pacman -S libsecret