add keyring support

[zabbal]

Emacs have built-in interface for gnome-keyring and kwallet called secrets:
(require 'secrets)

Would be great if circe would support it so credentials could be obtained from secure, portable, DE-agnostic and program-independent storage.

[Thaodan]

Hey I was working on this a few days ago.

A more convenient now days is to use an auth-source retriever if the password, sasl-password or nickserv-password is not passed to the circe-network.

If I understand correctly the way to do this would be to set the default of those to the auth-source wrapper function.
However this would work better if the function in those contexts get more of the parameters from the circe-network.

I have a prototype version of this based on the existing function of ghub here:

  (defun circe--ident (username network)
    (format "%s^%s" username network))
  (defun circe--auth-source-get (keys &rest spec)
    (declare (indent 1))
    (let ((plist (car (apply #'auth-source-search
                             (append spec (list :max 1))))))
      (mapcar (lambda (k)
                (plist-get plist k))
              keys)))
  (defun circe-pass-get (host user &optional network)
    "fooobar
    \fn(fn host user &optional network)"
    (auth-source-forget (list :host host :user user :max 1))
    (when network
      (setq user (circe--ident user network)))
    (let ((match (car (circe--auth-source-get (list :secret)
                        :host host :user user))))
      (cond ((null match)
             (error "Auth source empty for %s %s %s" host user network))
            ((functionp match)
             (funcall match)) (t match))))

Right now this helper can be used as lambda when specifying any pass entry like this:

:pass (lambda (host) (circe-pass-get host user "<user>"))

Now any auth-source such as secrets can be used to retrieve pass for circe.

[wasamasa]

If you need extra context, the function is called with the process buffer current and has access to buffer-local variables such as circe-network (see the section it's defined in for more of those).

Generally, I'm against adding keyring support due to the horrible auth-source.el API (your example forgets a cached item for no apparent reason): https://old.reddit.com/r/emacs/comments/8lvda6/is_authsource_from_the_dark_side/

[Thaodan]

If you need extra context, the function is called with the process buffer current and has access to buffer-local variables such as `circe-network` (see the section it's defined in for more of those).

Hm that sound and should make everything cleaner.

Generally, I'm against adding keyring support due to the horrible API (your example forgets a cached item for no apparent reason): https://old.reddit.com/r/emacs/comments/8lvda6/is_authsource_from_the_dark_ side/

The post is 4 years old is it still as bad? For read-only it works fine from my side.

[wasamasa]

The first point has been addressed, some new backends and minor improvements have been added, but the API is still the same. secrets.el seems to use a saner approach, but isn't nearly as useful. I just resort to calling pass, far less of a headache.