From 10964301d9401389ca7100c26f03ad8b71f9926f Mon Sep 17 00:00:00 2001
From: Marcos Soutullo Rodriguez <marcos.soutullo91@gmail.com>
Date: Wed, 22 Nov 2023 21:24:10 +0000
Subject: [PATCH] Add recipe to configure ubuntu-keyring using Granted and the
 `login` keychain (#302)

---
 docs/granted/recipes/ubuntu-keyring.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 docs/granted/recipes/ubuntu-keyring.md

diff --git a/docs/granted/recipes/ubuntu-keyring.md b/docs/granted/recipes/ubuntu-keyring.md
new file mode 100644
index 0000000..ad4e935
--- /dev/null
+++ b/docs/granted/recipes/ubuntu-keyring.md
@@ -0,0 +1,23 @@
+# Encrypting AWS SSO Tokens Using Gnome Keyring
+
+Granted uses an [open-source library](https://github.com/99designs/keyring) to securely store AWS SSO tokens in a backend service. Apart from `pass` or the `Windows Credentials Manager`, Linux Desktop users that leverage Gnome as their desktop environment can use keyring to securely store AWS SSO tokens, and get it unlocked with the default `login` keychain.
+
+## Prerequisites
+
+- Installed Granted CLI tool.
+- Access to AWS SSO tokens.
+- Gnome keyring installed. Tested on Ubuntu 22 with Gnome 40+
+
+## Configuration
+
+Open the Granted configuration file located at `~/.granted/config`. Add the following configuration to specify the backend for keyring:
+
+```
+[Keyring]
+  Backend = "secret-service"
+  LibSecretCollectionName = "login"
+```
+
+Next time you run Granted, it will use the `secret-service` backend to store AWS SSO tokens and it will not ask you to enter your password. It will unlock it with the `login` keychain instead.
+
+As of Granted `v0.22.2` there is no official documentation on how to configure the keyring, however, [these settings](https://github.com/common-fate/granted/blob/bcf79899f282cceff6313f1757d963e4dbbf44e1/pkg/config/config.go#L58-L63) are already exposed and can be used. Refer to the upstream [library documentation](https://pkg.go.dev/github.com/99designs/keyring?utm_source=godoc) for further details.