Sailfish OS
  • Info
  • User Experience
  • Cases
  • Community
  • Developers
  • Contact
  • Get Sailfish OS
Select Page
  • Info
  • User Experience
  • Cases
  • Community
  • Developers
  • Contact
  • Get Sailfish OS

Sailfish Secrets

API Documentation
  • API Documentation
  • Libsailfishapp
  • Sailfish Silica
    • Documentation
    • Icon Reference
  • Sailfish Components
    • Sailfish Accounts
    • Sailfish Bluetooth
    • Sailfish Contacts
    • Sailfish Crypto
    • Sailfish Gallery
    • Sailfish Media
    • Sailfish Pickers
    • Sailfish Secrets
    • Sailfish Share
    • Sailfish Telephony
    • Sailfish Webview
    • Amber Web Authorization
    • Amber MPRIS
  • Nemo QML Plugins
    • Configuration
    • Contacts
    • D-Bus
    • Keepalive
    • Notifications
    • Thumbnailer
  • Sailfish Middleware
    • MDM Framework
    • MDM Policy Framework
    • User Manager Daemon
  • API Documentation
  • Libsailfishapp
  • Sailfish Silica
    • Documentation
    • Icon Reference
  • Sailfish Components
    • Sailfish Accounts
    • Sailfish Bluetooth
    • Sailfish Contacts
    • Sailfish Crypto
    • Sailfish Gallery
    • Sailfish Media
    • Sailfish Pickers
    • Sailfish Secrets
    • Sailfish Share
    • Sailfish Telephony
    • Sailfish Webview
    • Amber Web Authorization
    • Amber MPRIS
  • Nemo QML Plugins
    • Configuration
    • Contacts
    • D-Bus
    • Keepalive
    • Notifications
    • Thumbnailer
  • Sailfish Middleware
    • MDM Framework
    • MDM Policy Framework
    • User Manager Daemon

Contents

  • Public Types
  • Public Functions
  • Detailed Description

StoragePlugin Class

(Sailfish::Secrets::StoragePlugin)

Specifies an interface allowing storage and retrieval of secrets More...

Header: #include <Secrets/Plugins/extensionplugins.h>
Inherits: Sailfish::Secrets::PluginBase
  • List of all members, including inherited members

Public Types

enum FilterOperator { OperatorOr, OperatorAnd }
enum StorageType { NoStorage, InMemoryStorage, FileSystemStorage, SecureFilesystemStorage, SecurePeripheralStorage }

Public Functions

StoragePlugin()
virtual ~StoragePlugin()
virtual Sailfish::Secrets::Result collectionNames(QStringList *names) = 0
virtual Sailfish::Secrets::Result createCollection(const QString &collectionName) = 0
virtual Sailfish::Secrets::Result findSecrets(const QString &collectionName, const Sailfish::Secrets::Secret::FilterData &filter, Sailfish::Secrets::StoragePlugin::FilterOperator filterOperator, QStringList *secretNames) = 0
virtual Sailfish::Secrets::Result getSecret(const QString &collectionName, const QString &secretName, QByteArray *secret, Sailfish::Secrets::Secret::FilterData *filterData) = 0
virtual Sailfish::Secrets::Result reencrypt(const QString &collectionName, const QString &secretName, const QByteArray &oldkey, const QByteArray &newkey, Sailfish::Secrets::EncryptionPlugin *plugin) = 0
virtual Sailfish::Secrets::Result removeCollection(const QString &collectionName) = 0
virtual Sailfish::Secrets::Result removeSecret(const QString &collectionName, const QString &secretName) = 0
virtual Sailfish::Secrets::Result secretNames(const QString &collectionName, QStringList *secretNames) = 0
virtual Sailfish::Secrets::Result setSecret(const QString &collectionName, const QString &secretName, const QByteArray &secret, const Sailfish::Secrets::Secret::FilterData &filterData) = 0
virtual Sailfish::Secrets::StoragePlugin::StorageType storageType() const = 0
  • 11 public functions inherited from Sailfish::Secrets::PluginBase

Detailed Description

Specifies an interface allowing storage and retrieval of secrets

The StoragePlugin type specifies an interface which includes a variety of operations on secrets and collections of secrets.

A plugin implementation should derive from this type only if the backing store (e.g. USB token, online service, etc) does not support encryption; otherwise, the EncryptedStoragePlugin interface should be used.

Member Type Documentation

enum StoragePlugin::FilterOperator

This enum defines the possible operators which may be specified for filter operations

ConstantValueDescription
Sailfish::Secrets::StoragePlugin::OperatorOrSecretManager::OperatorOrA secret matches the filter if its filter data contains any of the key-value pairs specified in the filter
Sailfish::Secrets::StoragePlugin::OperatorAndSecretManager::OperatorAndA secret matches the filter if its filter data contains all of the key-value pairs specified in the filter

enum StoragePlugin::StorageType

This enum defines the types of storage capability which may be offered by plugins

ConstantValueDescription
Sailfish::Secrets::StoragePlugin::NoStorage0No storage is provided
Sailfish::Secrets::StoragePlugin::InMemoryStorage1Secrets are stored in-memory only; data won't survive reboot
Sailfish::Secrets::StoragePlugin::FileSystemStorage2Normal filesystem storage, e.g. in a database
Sailfish::Secrets::StoragePlugin::SecureFilesystemStorage?Storage available to trusted execution environment applications only
Sailfish::Secrets::StoragePlugin::SecurePeripheralStorage4Data is stored to a secure hardware peripheral via TEE application

Member Function Documentation

StoragePlugin::StoragePlugin()

Constructs a new StoragePlugin instance

[virtual] StoragePlugin::~StoragePlugin()

Cleans up any memory used by the StoragePlugin instance

[pure virtual] Sailfish::Secrets::Result StoragePlugin::collectionNames(QStringList *names)

Writes the names of collections managed by the plugin to names

If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.

If the storage plugin supports storing collections of secrets, it must implement this method by returning the names of currently stored collections into the out-parameter names and returning a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

Otherwise, it should write an empty list of collection names to the out-parameter names and return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

If the operation failed due to storage backend failure, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Failed and the error code set to Sailfish::Secrets::Result::DatabaseError.

[pure virtual] Sailfish::Secrets::Result StoragePlugin::createCollection(const QString &collectionName)

Creates a collection within which to store secrets called collectionName

If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.

If the storage plugin supports storing collections of secrets, it must implement this method such that the new collection is created, its name is subsequently returned from collectionNames(), and secrets can be stored in it, and the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

If the operation failed due to storage backend failure, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Failed and the error code set to Sailfish::Secrets::Result::DatabaseError.

If a collection with that name already exists in the storage managed by the plugin, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::CollectionAlreadyExistsError.

If the storage plugin does not support the creation of new collections, it should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::OperationNotSupportedError.

[pure virtual] Sailfish::Secrets::Result StoragePlugin::findSecrets(const QString &collectionName, const Sailfish::Secrets::Secret::FilterData &filter, Sailfish::Secrets::StoragePlugin::FilterOperator filterOperator, QStringList *secretNames)

Writes the name of each secret in the collection with the specified collectionName into the out-parameter secretNames if that secret has filter data matching the given filter according to the specified filterOperator.

If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.

If the given collectionName is empty, or is the special value "standalone", the plugin should return the names of standalone secrets which match the filter requirements which are stored in the storage managed by the storage plugin. If the plugin does not support storing standalone secrets, it should set the secretNames out-parameter to an empty list, and return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

If no collection with the given collectionName exists in the storage managed by the plugin, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::InvalidCollectionError.

If the given filterOperator is OperatorOr then a secret is deemed to match if its filter data contains any of the key-value pairs specified in the filter. Otherwise, if the filterOperator is OperatorAnd then a secret is deemed to match only if its filter data contains all of the key-value pairs specified in the filter.

If the secret names were retrieved successfully, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

If the operation failed due to storage backend failure, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Failed and the error code set to Sailfish::Secrets::Result::DatabaseError.

[pure virtual] Sailfish::Secrets::Result StoragePlugin::getSecret(const QString &collectionName, const QString &secretName, QByteArray *secret, Sailfish::Secrets::Secret::FilterData *filterData)

Write the secret data and filter data associated with the secret identified by the given secretName in the collection identified by the given collectionName into the secret and filterData out-parameters respectively.

If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.

If no collection with the given collectionName exists in the storage managed by the plugin, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::InvalidCollectionError.

If no secret with the given secretName exists in that collection managed by the plugin, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::InvalidSecretError.

If the secret data was retrieved successfully, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

If the operation failed due to storage backend failure, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Failed and the error code set to Sailfish::Secrets::Result::DatabaseError.

[pure virtual] Sailfish::Secrets::Result StoragePlugin::reencrypt(const QString &collectionName, const QString &secretName, const QByteArray &oldkey, const QByteArray &newkey, Sailfish::Secrets::EncryptionPlugin *plugin)

Transactionally re-encrypt secret data stored by the storage plugin using the specified oldkey to decrypt the current data, and then encrypting that data with the newkey, by calling the appropriate methods of the specified EncryptionPlugin plugin.

If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.

If the given collectionName is empty, or is the special value "standalone", the plugin should re-encrypt the standalone secret identified by the given secretName. Otherwise, the plugin should re-encrypt every secret within the collection identified by the given collectionName.

Only the secret data (and not the filter data) should be re-encrypted.

This method will be invoked if the user changes the master encryption key, if any collection stored within this storage plugin uses master-lock (or device-lock) semantics. It will also be invoked if the user changes a custom-lock associated with a collection or standalone secret.

If the secret data was re-encrypted and updated within storage successfully, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

If the operation failed due to storage backend failure, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Failed and the error code set to Sailfish::Secrets::Result::DatabaseError.

[pure virtual] Sailfish::Secrets::Result StoragePlugin::removeCollection(const QString &collectionName)

Removes the collection with the given collectionName from the storage managed by the plugin.

If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.

If the storage plugin supports removing collections of secrets, it must implement this method such that the specified collection is removed, its name is subsequently no longer returned from collectionNames(), and and the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded. Any secrets which were stored into this collection should be removed as part of this operation.

If the operation failed due to storage backend failure, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Failed and the error code set to Sailfish::Secrets::Result::DatabaseError.

If no collection with that name exists in the storage managed by the plugin, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::InvalidCollectionError.

If the storage plugin does not support the removal of collections, it should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::OperationNotSupportedError.

[pure virtual] Sailfish::Secrets::Result StoragePlugin::removeSecret(const QString &collectionName, const QString &secretName)

Remove the secret identified by the given secretName within the collection identified by the given collectionName from the storage managed by the storage plugin.

If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.

If no collection with the given collectionName exists in the storage managed by the plugin, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::InvalidCollectionError.

If no secret with the given secretName exists in that collection managed by the plugin, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::InvalidSecretError.

If the secret data and any associated filter data was removed successfully, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

If the operation failed due to storage backend failure, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Failed and the error code set to Sailfish::Secrets::Result::DatabaseError.

[pure virtual] Sailfish::Secrets::Result StoragePlugin::secretNames(const QString &collectionName, QStringList *secretNames)

Write the names of secrets which are stored by the plugin in the collection with the given collectionName to the secretNames out-parameter.

If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.

If the given collectionName is empty, or is the special value "standalone", the plugin should return the names of standalone secrets which are stored in the storage managed by the storage plugin. If the plugin does not support storing standalone secrets, it should set the secretNames out-parameter to an empty list, and return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

If no collection with the given collectionName exists in the storage managed by the plugin, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::InvalidCollectionError.

If the secret names were retrieved successfully, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Succeeded.

If the operation failed due to storage backend failure, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Failed and the error code set to Sailfish::Secrets::Result::DatabaseError.

[pure virtual] Sailfish::Secrets::Result StoragePlugin::setSecret(const QString &collectionName, const QString &secretName, const QByteArray &secret, const Sailfish::Secrets::Secret::FilterData &filterData)

Store the given secret data identified by the given secretName with the specified filterData into the collection identified by the given collectionName.

If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.

If the given collectionName is either empty or contains the special value "standalone", this specifies that the secret should not be stored in a collection, but instead should be stored on its own (and thus not be deleted when any particular collection is deleted), if the storage plugin supports storing standalone secrets (and otherwise should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::OperationNotSupportedError).

If no collection with the given collectionName exists in the storage managed by the plugin, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::InvalidCollectionError.

If a secret with the specified secretName is already stored in the collection identified by the given collectionName, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretAlreadyExistsError.

If the operation failed due to storage backend failure, the plugin should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Failed and the error code set to Sailfish::Secrets::Result::DatabaseError.

[pure virtual] Sailfish::Secrets::StoragePlugin::StorageType StoragePlugin::storageType() const

Returns the type of storage which is exposed by the plugin

  • Legal
  • Contact Us
  • Jolla Mobile Ltd © 2025

  • Facebook
  • Twitter
  • Mastodon
  • YouTube
  • LinkedIn