In a previous post I talked about setting up an encrypted file based keyring store for Mercurial. With some recent updates of the Python keyring modules, the setup changed a little bit again.
The file-backed keyrings got moved out to the keyrings.alt package.
$HOME/.local/share/python_keyring/keyringrc.cfg needs to be adjusted as follows:
In an earlier post I documented how to set up an encrypted file store for your keyring. With recent versions of Python keyring (at least 3 and up) the
CryptedFileKeyring backend got removed and replaced by
EncryptedKeyring. So in your
$HOME/.local/share/python_keyring/keyringrc.cfg you need to now have the following:
If PyCharm complains that it
Can't start Mercurial: /usr/bin/hg Probably the path to hg executable is not valid, then check if running hg from the command line triggers a problem running a certain extension. In my case I had a version of
mercurial_keyring that did not play nice with each other. After upgrading these to 3.0.5 and 0.6.0 respectively, the problem went away. I guess PyCharm tests the run of the hg binary and if the shell return code (
echo $?) is something other than 0 will show this warning.
Mercurial allows for tying in keyring configuration for those of us who do not want to store passwords in plain-text in our
.hgrc files or constantly using SSH.
First install the Python keyring library by running
pip install keyring. After that is installed, checkout https://bitbucket.org/Mekk/mercurial_keyring/ and add to
$HOME/.hgrc the following:
mercurial_keyring = ~/path/to/mercurial_keyring/mercurial_keyring.py
Next up, configure your repositories, e.g. in the case of Bitbucket I use:
bitbucket.prefix = bitbucket.org/asmodai
bitbucket.username = asmodai
bitbucket.schemes = https
Mercurial keyring will automatically decide on the best keyring to use. On a FreeBSD system with no Gnome or other systems providing a keyring, if you do not specify a specific keyring, the system will use the file
~/.local/share/python_keyring/keyring_pass.cfg. This keyring file stores the passwords encoded in Base64 in plain-text. This is not quite what you would want from a security point of view. You can configure which backend store to use by editing
$HOME/.local/share/python-keyring/keyringrc.cfg. To get a plain-text file with encrypted keys use the following configuration:
This will create the file
~/.local/share/python-keyring/crypted_pass.cfg after initializing the backend store with a password. Look at the documentation for keyring on what other configuration options are available.
Note: make sure the PyCrypto dependency is installed with the
_fastmath module. This in turn depends on the