NetBeans Keyring API

There is a new API in NetBeans 6.9 (Platform and IDE) for storing passwords securely:

If you maintain a module that needs to persist passwords or similar confidential data, use this API rather than relying on ROT-13 obfuscation or the like.

Besides a generic fallback implementation based on a master password (akin to the system in Firefox), there are special implementations unlocked by user login for Gnome ("Passwords and Encryption Keys"); Mac OS X (Keychain); and Windows (custom encrypted storage). If anyone out there is experienced with JNA and/or security APIs and would like to tune one of the implementations, or add support for other platforms (e.g. KWallet), that would be great; just file bug reports blocking

The API has few dependencies on the rest of the NB Platform, so it could be broken out into a library on if there is sufficient interest. (Since it seems like a fundamental service, in the long run it would be nice to have something similar in the Java platform.)

The above is copied from an e-mail by Jesse Glick on the mailing list from 12/12/2009.


This sounds great! :-)

I just recently wondered if such a thing exists.

KDE KWallet integration would be great...

Posted by Florian Brunner on January 24, 2010 at 08:50 AM PST #

I get this (You don't have permission to access /dev/javadoc/org-netbeans-modules-keyring/org/netbeans/api/keyring/Keyring.html on this server.) when i try to open (

Posted by Abubakar Gurnah on January 24, 2010 at 02:18 PM PST #

@Florian: Then there also should be also integration into the gnome-keyring-manager. And here we are also getting into tight OS-integration which always seems to be a little difficult from within Java. However - sure - that this would be a cool feature.

@NetBeans developers: You are really doing great work! NetBeans is one of the fastest evolving apps lately as far as I notice.

Posted by Martin Wildam on January 24, 2010 at 05:56 PM PST #

@Martin: As far as I could see there is some Gnome integration already:

But KDE is also very popular on Linux systems.

Another approach could be to convince the KDE team and Gnome team to implement some common interfaces. This would also make it easier to integrate other desktop environments on Linux - they just would have to implement those interfaces.

Posted by Florian Brunner on January 24, 2010 at 10:37 PM PST #

@Florian, @Martin: adding KWallet support would mean studying its APIs and trying to make a binding. The NetBeans SPI is really simple so the work is wrestling with native code. JNA is used for the integration, which definitely makes things easier (e.g. no need to mess around with javah or native compilation), but it can still be tricky to call into C APIs correctly: they can require complicated structs, or have unusual calling conventions. (Fortunately, the Gnome Keyring API provides some easy-to-call convenience methods for the most common tasks; unfortunately, these are not available in older Gnome releases such as is used in Solaris 10.)

Posted by Jesse Glick on January 25, 2010 at 12:02 AM PST #

@Abubakar - sorry, there was a bad upload of the production build which caused problems with permissions on Javadoc. Should be fixed now.

Posted by Jesse Glick on January 25, 2010 at 12:05 AM PST #

@Florian: there have in fact been attempts in the direction of unifying the two APIs; see <>. But until that is implemented and deployed, KDE users need explicit support: <>

Posted by Jesse Glick on January 25, 2010 at 06:19 AM PST #

I filed an issue for KDE KWallet support:

Let's see if this issue can show enough attraction for someone to implement it.

If you would like to see KDE KWallet support, please vote for it and add a comment (or help implementing it ;-) )

It even seems there is some work going on to define a common API for Gnome and KDE:

Posted by Florian Brunner on January 25, 2010 at 10:54 PM PST #

you say, you gain - one kwallet support on demand (patch tested and submited) :P

Posted by psychollek on February 01, 2010 at 01:29 PM PST #

Yes, once the new API starts appearing in official releases of Linux and Solaris distributions it will make sense to support it. The integrations with the GNOME Keyring API and with KWallet (via DBUS) will need to remain for a few years until OS installations not supporting the newer API become scarce.

Posted by Jesse Glick on June 17, 2010 at 11:20 PM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed

Geertjan Wielenga (@geertjanw) is a Principal Product Manager in the Oracle Developer Tools group living & working in Amsterdam. He is a Java technology enthusiast, evangelist, trainer, speaker, and writer. He blogs here daily.

The focus of this blog is mostly on NetBeans (a development tool primarily for Java programmers), with an occasional reference to NetBeans, and sometimes diverging to topics relating to NetBeans. And then there are days when NetBeans is mentioned, just for a change.


« July 2014