2.3 Enabling SSOCOMP in Applications

Follow these steps to enable SecretStore within your applications (also see Section 1.0, Getting Started):

  1. Get Service Information

  2. Read Available Secrets

  3. Verify Connection to Proper Tree

2.3.1 Get Service Information

Enabling an application to use SecretStore begins with a call to NSSSGetServiceInformation. A tree name can also be passed in the context structure with the call.

For example usage, refer to sstst.c or lstst.c in Using Extension Structures.

NSSSGetServiceInformation reports whether SecretStore is enabled, which identity you are logged in as, and returns information about the SecretStore you are working with.

2.3.2 Read Available Secrets

Once you have the service information, list the available secrets by calling NSSSEnumerateSecretIDs. The call returns Secret IDs, not secret values. If you are enabling a particular application, you already know which Secret ID to look for.

If the specified ID exists in the SecretStore, call NSSSReadSecret with that ID to obtain the secret. The returned secret can then be supplied to your SecretStore-enabled application to complete authentication. Treat the buffer that receives the secret as sensitive: use it for the login, then clear it rather than leaving the credential in process memory.
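The sequence in 2.3.2, as an added example that is not part of the SecretStore SDK or of this guide. It is written in C because the SDK is a C API, but it does not link against the SDK: the hypothetical functions ss_enumerate_ids() and ss_read_secret() stand in for NSSSEnumerateSecretIDs and NSSSReadSecret and serve a constructed in-memory store, so the file compiles on its own. The SS_CredSet:... IDs and their values are made up. What it adds to the text are the two things a practitioner has to get right around those calls: read only an ID that the enumeration actually returned, and treat the returned buffer as sensitive, which means a bounds-checked copy that never leaves a partial secret behind and a wipe of the buffer once the application's login has used it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SS_MAX_IDS    8
#define SS_MAX_SECRET 64

/* Constructed stand-in for the user's SecretStore. In a real application the
 * entries live on the SecretStore server and are reached through the SDK. */
typedef struct {
    const char *id;     /* Secret ID as returned by enumeration */
    const char *value;  /* secret value returned by a read */
} ss_entry_t;

static const ss_entry_t ss_store[] = {
    { "SS_CredSet:MailClient", "m41l-p4ss" },
    { "SS_CredSet:ERPLogin",   "erp-secret-123" },
};
static const size_t ss_store_len = sizeof ss_store / sizeof ss_store[0];

/* Hypothetical stand-in for NSSSEnumerateSecretIDs: fills ids[] with up to
 * max Secret IDs (never the values) and returns how many were written. */
size_t ss_enumerate_ids(const char *ids[], size_t max)
{
    size_t n = 0;
    while (n < ss_store_len && n < max) {
        ids[n] = ss_store[n].id;
        n++;
    }
    return n;
}

/* Exact-match lookup of one Secret ID in the enumerated list. */
int ss_id_exists(const char *ids[], size_t n, const char *id)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(ids[i], id) == 0)
            return 1;
    return 0;
}

/* Hypothetical stand-in for NSSSReadSecret. Copies the secret into out as a
 * NUL-terminated string. Returns 0 on success, -1 if the ID is unknown and
 * -2 if out is too small; on -2 nothing is copied, so no partial secret is
 * left in the caller's buffer. */
int ss_read_secret(const char *id, char *out, size_t outlen)
{
    for (size_t i = 0; i < ss_store_len; i++) {
        if (strcmp(ss_store[i].id, id) != 0)
            continue;
        size_t len = strlen(ss_store[i].value);
        if (len + 1 > outlen)
            return -2;
        memcpy(out, ss_store[i].value, len + 1);
        return 0;
    }
    return -1;
}

/* Overwrite a secret buffer through a volatile pointer so the compiler cannot
 * drop the stores as dead writes (the same idea as explicit_bzero). */
void ss_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* The application-side sequence from 2.3.2: enumerate the Secret IDs, confirm
 * the one this application needs is present, and only then read it. */
int ss_fetch_credential(const char *wanted, char *out, size_t outlen)
{
    const char *ids[SS_MAX_IDS];
    size_t n = ss_enumerate_ids(ids, SS_MAX_IDS);
    if (!ss_id_exists(ids, n, wanted))
        return -1;
    return ss_read_secret(wanted, out, outlen);
}

/* Round trip: fetch, compare against what the application expects, wipe.
 * Returns the fetch result, -3 on a value mismatch, or -4 if the wipe left
 * any non-zero byte behind. */
int ss_verify_fetch(const char *id, const char *expected, size_t outlen)
{
    char buf[SS_MAX_SECRET];
    if (outlen > sizeof buf)
        outlen = sizeof buf;
    int rc = ss_fetch_credential(id, buf, outlen);
    if (rc == 0 && strcmp(buf, expected) != 0)
        rc = -3;
    ss_wipe(buf, sizeof buf);            /* the secret has done its job */
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0)
            return -4;
    return rc;
}

int main(void)
{
    printf("ERPLogin present: %d\n",
           ss_verify_fetch("SS_CredSet:ERPLogin", "erp-secret-123", SS_MAX_SECRET));
    printf("unknown ID:       %d\n",
           ss_verify_fetch("SS_CredSet:NoSuchApp", "", SS_MAX_SECRET));
    printf("buffer too small: %d\n",
           ss_verify_fetch("SS_CredSet:ERPLogin", "erp-secret-123", 4));
    return 0;
}
```

Whatever structure the real NSSSReadSecret hands the secret back in, the order (enumerate, check the ID is present, then read) and the wipe once the login has consumed the value carry over unchanged.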

2.3.3 Verify Connection to Proper Tree

Each call to SecretStore first verifies that you are connected to the tree you named. If you did not name a tree, the primary connection is assumed.

Once the authenticated connection is verified, the library searches that tree for a SecretStore server that can handle your request. After finding a suitable server, it pings the server to confirm it is online and able to process the request, then makes the call and returns the requested information. This procedure is repeated for each API call, and each call sets up its own secure session with the server. The work behind each API call consists of:

  • Establishing a secure connection to the server.
  • Passing the data to the server over that secure connection.
  • Tearing down the connection, or performing further operations first and then tearing it down.

None of these steps should affect performance significantly. SecretStore keeps secrets (passwords and other authentication credentials) encrypted at all times, both in transit and in storage, and accessible only to the owner of the data. Because SecretStore treats a secret as opaque data, passwords and tokens alike can be stored and retrieved to provide a single login experience across applications. See Section 1.10, NICI and SecretStore.