feat(desktop): add secure credential storage with keytar

Author: TeaCoder52

.github/FUNDING.yml

@@ -1,39 +1,74 @@
----
 name: Bug Report
-about: Report a bug or unexpected behavior
-labels: ["bug"]
+description: Report a bug or unexpected behavior
+labels: ['bug']
 assignees: []
----
 
-## Bug Description
+body:
+    - type: textarea
+      attributes:
+          label: Bug Description
+          description: |
+              Please describe the bug you encountered in as much detail as possible.
 
-Please describe the bug you encountered in as much detail as possible.
+              - What happened?
+              - What did you expect to happen?
+              - Are there any error messages shown?
+          placeholder: |
+              Describe the bug clearly and concisely.
+      validations:
+          required: true
 
-- What happened?
-- What did you expect to happen?
-- Are there any error messages shown?
+    - type: textarea
+      attributes:
+          label: Steps to Reproduce
+          description: |
+              Please include exact steps so we can reproduce the issue.
+          placeholder: |
+              1.
+              2.
+              3.
+              4.
+      validations:
+          required: true
 
-## Steps to Reproduce
+    - type: textarea
+      attributes:
+          label: Screenshots / Logs
+          description: |
+              If applicable, add screenshots or logs to help explain your problem.
+          placeholder: |
+              Paste logs here or attach screenshots.
 
-1.
-2.
-3.
-4.
+    - type: markdown
+      attributes:
+          value: |
+              ## Environment
 
-_(Please include exact steps so we can reproduce the issue.)_
+    - type: input
+      attributes:
+          label: OS
+          placeholder: macOS / Windows / Linux
+      validations:
+          required: true
 
-## Screenshots / Logs
+    - type: input
+      attributes:
+          label: Datary Version
+          placeholder: 0.0.1
+      validations:
+          required: true
 
-If applicable, add screenshots or logs to help explain your problem.
+    - type: input
+      attributes:
+          label: Database
+          placeholder: PostgreSQL / MySQL / MariaDB / Microsoft SQL Server
+      validations:
+          required: true
 
-## Environment
-
-| Feature | Details |
-|---------|---------|
-| OS | |
-| Datary Version | |
-| Database | |
-
-## Additional Context
-
-Add any other context about the problem here.
+    - type: textarea
+      attributes:
+          label: Additional Context
+          description: |
+              Add any other context about the problem here.
+          placeholder: |
+              Any extra information that may help.

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,56 @@
+name: Feature Request
+description: Suggest a new idea or improvement for Datary
+labels: ['enhancement']
+assignees: []
+
+body:
+    - type: markdown
+      attributes:
+          value: |
+              Thanks for taking the time to suggest an improvement!
+              Datary is a database management tool, so features related to databases, UX, performance, or integrations are especially welcome.
+
+    - type: textarea
+      attributes:
+          label: Feature description
+          description: |
+              What feature are you requesting?
+              Explain what it does and why it would be valuable.
+          placeholder: |
+              Example:
+              Add support for exporting query results to CSV/JSON directly from the results table.
+      validations:
+          required: true
+
+    - type: textarea
+      attributes:
+          label: Use case / motivation
+          description: |
+              Describe the problem this feature solves and who would benefit from it.
+          placeholder: |
+              Example:
+              When working with large datasets, I often need to share query results with teammates.
+              Currently, I have to copy data manually or use external tools.
+      validations:
+          required: true
+
+    - type: textarea
+      attributes:
+          label: Suggested implementation
+          description: |
+              If you have ideas on how this could work (UI, behavior, API), describe them here.
+              This is optional but very helpful.
+          placeholder: |
+              Example:
+              - Add an "Export" button near the results table
+              - Allow selecting format (CSV / JSON)
+              - Save file via native OS dialog
+
+    - type: textarea
+      attributes:
+          label: Examples / references
+          description: |
+              If similar functionality exists in other tools, add links, screenshots, or descriptions.
+          placeholder: |
+              Example:
+              DBeaver has a similar export dialog with format selection and preview.

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -9,8 +9,6 @@ import { mainWindow } from './app.state'
 export function createMainWindow() {
 	const preloadPath = getPreloadPath(__dirname)
 
-	console.log('preloadPath: ', preloadPath)
-
 	const win = new BrowserWindow({
 		width: 1200,
 		height: 800,
@@ -28,6 +26,9 @@ export function createMainWindow() {
 	mainWindow.set(win)
 
 	if (isDev && DEV_SERVER_URL) {
+		win.webContents.closeDevTools()
+		win.webContents.setVisualZoomLevelLimits(1, 1)
+
 		win.loadURL(DEV_SERVER_URL)
 	} else {
 		win.loadFile(getRendererIndex(__dirname))

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -2,71 +2,83 @@ import { IPC_CHANNELS } from '@datary/ipc'
 import { ipcMain } from 'electron'
 import Store from 'electron-store'
 
+import { buildCredentialId } from '../../services/credential/credential.utils'
+import { CredentialVault } from '../../services/credential/credential.vault'
 import { logger } from '../../utils/logger'
 
 export interface ConnectionHistoryItem {
-	id?: string
+	id: string
 	name?: string
 	host: string
 	port: number
 	user: string
-	password?: string
 	database: string
 	type: 'postgresql' | 'mysql' | 'mariadb' | 'mssql'
 	ssl?: boolean
 	lastUsed?: number
 }
 
-const ENCRYPTION_KEY = 'datary-secret-key-123'
 const store = new Store<{ history: ConnectionHistoryItem[] }>({
 	name: 'connections',
-	defaults: { history: [] },
-	encryptionKey: ENCRYPTION_KEY
+	defaults: { history: [] }
 })
 
+const vault = new CredentialVault()
+
 export function registerConnectionHandlers() {
 	ipcMain.handle(IPC_CHANNELS.CONNECTIONS.GET, () => {
 		return store.get('history') ?? []
 	})
 
-	ipcMain.handle(IPC_CHANNELS.CONNECTIONS.ADD, (_, connection: ConnectionHistoryItem) => {
-		const history = store.get('history') ?? []
-		const index = history.findIndex(
-			c =>
-				c.host === connection.host &&
-				c.port === connection.port &&
-				c.user === connection.user &&
-				c.database === connection.database &&
-				c.type === connection.type
-		)
-
-		const newConnection = { ...connection, lastUsed: Date.now() }
-
-		if (index > -1) {
-			history[index] = newConnection
-		} else {
-			history.unshift(newConnection)
-		}
+	ipcMain.handle(
+		IPC_CHANNELS.CONNECTIONS.ADD,
+		async (_, connection: ConnectionHistoryItem & { password?: string }) => {
+			const history = store.get('history') ?? []
 
-		store.set('history', history)
-		return history
-	})
+			const credentialId = buildCredentialId(connection)
+
+			if (connection.password) await vault.save(credentialId, connection.password)
 
-	ipcMain.handle(IPC_CHANNELS.CONNECTIONS.DELETE, (_, connection: ConnectionHistoryItem) => {
-		const history = store.get('history') ?? []
-		const filtered = history.filter(
-			c =>
-				!(
+			const index = history.findIndex(
+				c =>
 					c.host === connection.host &&
 					c.port === connection.port &&
 					c.user === connection.user &&
 					c.database === connection.database &&
 					c.type === connection.type
-				)
-		)
-		store.set('history', filtered)
-		return filtered
-	})
+			)
+
+			const newConnection = { ...connection, lastUsed: Date.now() }
+
+			if (index > -1) history[index] = newConnection
+			else history.unshift(newConnection)
+
+			store.set('history', history)
+			return history
+		}
+	)
+
+	ipcMain.handle(
+		IPC_CHANNELS.CONNECTIONS.DELETE,
+		async (_, connection: ConnectionHistoryItem) => {
+			if (connection.id) await vault.delete(connection.id)
+
+			const history = store.get('history') ?? []
+			const filtered = history.filter(
+				c =>
+					!(
+						c.host === connection.host &&
+						c.port === connection.port &&
+						c.user === connection.user &&
+						c.database === connection.database &&
+						c.type === connection.type
+					)
+			)
+
+			store.set('history', filtered)
+			return filtered
+		}
+	)
 
 	ipcMain.handle(IPC_CHANNELS.CONNECTIONS.CLEAR, () => {
 		store.set('history', [])

apps/desktop/main/app/window.manager.ts

@@ -0,0 +1,8 @@
+import type { ConnectionType } from '@datary/core'
+
+export interface DbCredential {
+	id: string
+	username: string
+	password: string
+	type: ConnectionType
+}

apps/desktop/main/ipc/handlers/connection.handler.ts

@@ -0,0 +1,5 @@
+import type { ConnectionHistoryItem } from '../../ipc/handlers/connection.handler'
+
+export function buildCredentialId(connection: ConnectionHistoryItem) {
+	return `${connection.type}::/${connection.user}@${connection.host}:${connection.port}/${connection.database}`
+}

apps/desktop/main/services/credential/credential.types.ts

@@ -0,0 +1,17 @@
+import keytar from 'keytar'
+
+const SERVICE_NAME = 'datary'
+
+export class CredentialVault {
+	public async save(id: string, value: string): Promise<void> {
+		await keytar.setPassword(SERVICE_NAME, id, value)
+	}
+
+	public async get(id: string): Promise<string | null> {
+		return keytar.getPassword(SERVICE_NAME, id)
+	}
+
+	public async delete(id: string): Promise<void> {
+		await keytar.deletePassword(SERVICE_NAME, id)
+	}
+}

apps/desktop/main/services/credential/credential.utils.ts

@@ -2,15 +2,8 @@
 	"name": "@datary/desktop",
 	"version": "0.0.1",
 	"main": "dist/main/index.js",
-	"author": {
-		"name": "Vadim (TeaCoder)",
-		"url": "https://github.com/TeaCoder52"
-	},
-	"repository": {
-		"type": "git",
-		"url": "https://github.com/TeaCoder52/datary.git"
-	},
 	"scripts": {
+		"postinstall": "node node_modules/electron/install.js && pnpm exec electron-rebuild -f -w keytar",
 		"dev": "concurrently \"pnpm dev:preload\" \"pnpm dev:renderer\" \"pnpm dev:main\" \"pnpm dev:electron\"",
 		"dev:renderer": "pnpm --filter @datary/renderer dev",
 		"dev:preload": "tsc -p preload/tsconfig.json --watch",
@@ -26,7 +19,9 @@
 		"@datary/core": "workspace:*",
 		"@datary/db": "workspace:*",
 		"@datary/ipc": "workspace:*",
-		"electron-store": "^11.0.2"
+		"add": "^2.0.6",
+		"electron-store": "^11.0.2",
+		"keytar": "^7.9.0"
 	},
 	"devDependencies": {
 		"concurrently": "^9.2.1",
@@ -42,7 +37,11 @@
 			"dist/**/*",
 			"preload/**/*",
 			"renderer/dist/**/*",
-			"assets/icons/**/*"
+			"assets/icons/**/*",
+			"!**/*.map",
+			"!**/tests/**",
+			"!**/__mocks__/**",
+			"!**/*.spec.ts"
 		],
 		"directories": {
 			"output": "build"