Fix for SecretAgent acting as if it has no keys after updating macOS (#427)

* Allow reload pre-op * Fix tests * Make sure standin keys get rewritten on force update * Stub store
2026-03-13 13:07:22 +01:00 · 2022-12-17 23:16:56 -08:00
parent 382913cb99
commit 3b254d33a5
7 changed files with 70 additions and 31 deletions
--- a/Sources/Packages/Sources/SecretKit/Erasers/AnySecretStore.swift
+++ b/Sources/Packages/Sources/SecretKit/Erasers/AnySecretStore.swift
@@ -12,6 +12,7 @@ public class AnySecretStore: SecretStore {
    private let _sign: (Data, AnySecret, SigningRequestProvenance) throws -> Data
    private let _existingPersistedAuthenticationContext: (AnySecret) -> PersistedAuthenticationContext?
    private let _persistAuthentication: (AnySecret, TimeInterval) throws -> Void
+    private let _reloadSecrets: () -> Void

    private var sink: AnyCancellable?

@@ -24,6 +25,7 @@ public class AnySecretStore: SecretStore {
        _sign = { try secretStore.sign(data: $0, with: $1.base as! SecretStoreType.SecretType, for: $2) }
        _existingPersistedAuthenticationContext = { secretStore.existingPersistedAuthenticationContext(secret: $0.base as! SecretStoreType.SecretType) }
        _persistAuthentication = { try secretStore.persistAuthentication(secret: $0.base as! SecretStoreType.SecretType, forDuration: $1) }
+        _reloadSecrets = { secretStore.reloadSecrets() }
        sink = secretStore.objectWillChange.sink { _ in
            self.objectWillChange.send()
        }
@@ -57,6 +59,10 @@ public class AnySecretStore: SecretStore {
        try _persistAuthentication(secret, duration)
    }

+    public func reloadSecrets() {
+        _reloadSecrets()
+    }
+
 }

 public class AnySecretStoreModifiable: AnySecretStore, SecretStoreModifiable {
--- a/Sources/Packages/Sources/SecretKit/Types/SecretStore.swift
+++ b/Sources/Packages/Sources/SecretKit/Types/SecretStore.swift
@@ -36,6 +36,9 @@ public protocol SecretStore: ObservableObject, Identifiable {
    ///  - Note: This is used for temporarily unlocking access to a secret which would otherwise require authentication every single use. This is useful for situations where the user anticipates several rapid accesses to a authorization-guarded secret.
    func persistAuthentication(secret: SecretType, forDuration duration: TimeInterval) throws

+    /// Requests that the store reload secrets from any backing store, if neccessary.
+    func reloadSecrets()
+
 }

 /// A SecretStore that the Secretive admin app can modify.