-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate the msal-node-extensions to use @napi-rs/keyring instead of keytar #7170
Comments
cc @bgavrilMS to consider this for msal-node |
I think the other big motivating factor is that MSAL should use a maintained package to store secrets. Especially when those secrets are auth tokens. |
Agreed, @bgavrilMS - Please make sure that this is prioritized, as there is a good story from Windows to use wsl2 for node.js & frontend devs |
Because I notice that the latest |
Core Library
MSAL Node (@azure/msal-node)
Wrapper Library
MSAL Node Extensions (@azure/msal-node-extensions)
Public or Confidential Client?
Public
Description
Currently, the msal-node-extensions imposes a dependency on
keytar
. This is a cross-platform library that abstracts keystore. On Windows, this extension already handles credential persistence via the in-built Data Protection. On Linux, thekeytar
library depends on libsecret, which is then dependent on a dbus... this is not available in headless workloads like WSL2. A better approach is to utilize@napi-rs/keyring
which is a thinnapi-rs
wrapper on top of thekeyring-rs
crate written in Rust. There, the secret store is implemented natively in Rust as well. https://www.npmjs.com/package/@napi-rs/keyring uses https://github.com/hwchen/keyring-rs uses https://github.com/hwchen/secret-service-rs ... this means that headless workloads can also use keystores with this implementation.In addition, the author of the @napi-rs/keyring was recently awarded OSS fund from MSFT which means that the author is a credible source of quality code. I highly recommend us to move away from
keytar
.Source
Internal (Microsoft)
The text was updated successfully, but these errors were encountered: