Mercurial and safely storing passwords
Mercurial allows for tying in keyring configuration for those of us who do not want to store passwords in plain-text in our
.hgrc files or constantly using SSH.
First install the Python keyring library by running
pip install keyring. After that is installed, checkout https://bitbucket.org/Mekk/mercurial_keyring/ and add to the
$HOME/.hgrc the following:
[extensions] mercurial_keyring = ~/path/to/mercurial_keyring/mercurial_keyring.py
Next up, configure your repositories, e.g. in the case of Bitbucket I use:
[auth] bitbucket.prefix = bitbucket.org/asmodai bitbucket.username = asmodai bitbucket.schemes = https
Mercurial keyring will automatically decide on the best keyring to use. On a FreeBSD system with no Gnome or other systems providing a keyring, if you do not specify a specific keyring, the system will use the file
~/.local/share/python_keyring/keyring_pass.cfg. This keyring file stores the passwords encoded in Base64 in plain-text. This is not quite what you would want from a security point of view. You can configure which backend store to use by editing
~/.local/share/python-keyring/keyringrc.cfg. To get a plain-text file with encrypted keys use the following configuration:
This will create the file
~/.local/share/python-keyring/crypted_pass.cfg after initializing the backend store with a password. Look at the documentation for keyring on what other configuration options are available.
Note: make sure the PyCrypto dependency is installed with the
_fastmath module. This in turn depends on the