Linux kernel (keyutils) credential store
Modern Linux kernels have a built-in secure store, keyutils (the kernel key retention service). This module (written primarily by @landhb) uses that store as the persistent back end for entries.
Entries in keyutils are identified by a string description. If an entry is created with an explicit target, that value is used as the keyutils description. Otherwise, the string keyring-rs:user@service is used (where user and service come from the entry creation call).
A single key in keyutils can be linked into multiple “keyrings”, each of which has a subtly different lifetime. The core storage for keyring keys is the user-specific persistent keyring, whose lifetime defaults to three days after last use (the kernel’s persistent_keyring_expiry sysctl, which administrators can change). But whenever an entry’s credential is used, the key is also linked into the user’s session keyring: this ensures that the credential persists for the life of that session, and so at least as long as the client is running, even if the persistent keyring expires.
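The naming and linking scheme just described, as an added example that is not keyring-rs code. It talks to keyutils through raw add_key(2) and keyctl(2) syscalls via glibc’s syscall() so that it needs no crates; the syscall numbers are the x86_64 and aarch64 ones, the key type "user", the function names (description, persistent_keyring, store, find_in_session) and the service/user/secret values are all assumptions made for the illustration.

```rust
//! Added example (not keyring-rs code): store a credential under the module's
//! description string in the persistent keyring, then link it into the session
//! keyring, using raw keyutils syscalls.
use std::ffi::CString;
use std::os::raw::{c_long, c_void};

// Syscall numbers for add_key(2) and keyctl(2); assumption: Linux x86_64/aarch64.
#[cfg(target_arch = "x86_64")]
const SYS_ADD_KEY: c_long = 248;
#[cfg(target_arch = "x86_64")]
const SYS_KEYCTL: c_long = 250;
#[cfg(target_arch = "aarch64")]
const SYS_ADD_KEY: c_long = 217;
#[cfg(target_arch = "aarch64")]
const SYS_KEYCTL: c_long = 219;

// Special keyring IDs and keyctl operations from <linux/keyctl.h>.
const KEY_SPEC_SESSION_KEYRING: c_long = -3;
const KEY_SPEC_USER_KEYRING: c_long = -4;
const KEYCTL_LINK: c_long = 8;
const KEYCTL_SEARCH: c_long = 10;
const KEYCTL_GET_PERSISTENT: c_long = 22;
const EINVAL: i32 = 22;

unsafe extern "C" {
    fn syscall(num: c_long, ...) -> c_long;
    fn __errno_location() -> *mut i32;
}

fn errno() -> i32 {
    unsafe { *__errno_location() }
}

/// The description string as the module docs define it: an explicit target
/// wins, otherwise `keyring-rs:user@service`.
pub fn description(target: Option<&str>, service: &str, user: &str) -> String {
    match target {
        Some(t) => t.to_string(),
        None => format!("keyring-rs:{user}@{service}"),
    }
}

/// Serial of the calling user's persistent keyring (uid -1 = current user).
/// The kernel creates it on demand and links it into the user keyring.
pub fn persistent_keyring() -> Result<c_long, i32> {
    let id = unsafe {
        syscall(SYS_KEYCTL, KEYCTL_GET_PERSISTENT, -1 as c_long, KEY_SPEC_USER_KEYRING)
    };
    if id < 0 { Err(errno()) } else { Ok(id) }
}

/// Add a "user"-type key holding `secret` under `desc` to the persistent
/// keyring, then link it into the session keyring so it outlives the
/// persistent keyring's expiry for as long as this session exists.
pub fn store(desc: &str, secret: &[u8]) -> Result<c_long, i32> {
    let pers = persistent_keyring()?;
    let ktype = CString::new("user").unwrap();
    // A NUL byte cannot appear in a description; report it as EINVAL.
    let cdesc = CString::new(desc).map_err(|_| EINVAL)?;
    let key = unsafe {
        syscall(SYS_ADD_KEY, ktype.as_ptr(), cdesc.as_ptr(),
                secret.as_ptr() as *const c_void, secret.len(), pers)
    };
    if key < 0 {
        return Err(errno());
    }
    let rc = unsafe { syscall(SYS_KEYCTL, KEYCTL_LINK, key, KEY_SPEC_SESSION_KEYRING) };
    if rc < 0 { Err(errno()) } else { Ok(key) }
}

/// Look the key up by type and description through the session keyring,
/// which is how a client that has already used the credential finds it.
pub fn find_in_session(desc: &str) -> Result<c_long, i32> {
    let ktype = CString::new("user").unwrap();
    let cdesc = CString::new(desc).map_err(|_| EINVAL)?;
    let key = unsafe {
        syscall(SYS_KEYCTL, KEYCTL_SEARCH, KEY_SPEC_SESSION_KEYRING,
                ktype.as_ptr(), cdesc.as_ptr(), 0 as c_long)
    };
    if key < 0 { Err(errno()) } else { Ok(key) }
}

fn main() {
    // Constructed sample values for the illustration.
    let desc = description(None, "my-service", "alice");
    match store(&desc, b"hunter2") {
        Ok(key) => {
            println!("stored key {key} as {desc}");
            println!("found via session keyring: {:?}", find_in_session(&desc));
        }
        // EPERM (1) is the usual result under a seccomp profile that blocks
        // add_key/keyctl, such as Docker's default; ENOSYS on non-Linux.
        Err(e) => println!("keyutils unavailable, errno {e}"),
    }
}
```

To confirm the linking from a shell, `keyctl show @s` lists the session keyring (the new key should appear there) and `keyctl show @u` shows the persistent keyring linked under the user keyring; the expiry the module relies on is visible in `/proc/sys/kernel/keys/persistent_keyring_expiry`.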
Headless usage
If you are trying to use keyring on a headless Linux box, it’s strongly recommended that you use this credential store, because (as part of the kernel) it needs no D-Bus session or desktop login and is designed to be used headlessly.
To set this module as your default store, build with --features linux-default-keyutils.
Alternatively, you can drop the secret-service credential store altogether (which will slim your build significantly) by building keyring with --no-default-features and --features linux-no-secret-service.