represents a credential store.


  • Credential stores are also called keychains or keyrings, depending on the operating system used.
  • assoc is an Association containing the details needed to use a specific credential store.
  • The keys used in assoc include:
  • "Backend"the store back end to use
    "Keyring"the keyring to use
  • "Backend" specifies which of the available credential store implementations to use.
  • On Windows, the default back end is "System", which represents Windows Credential Manager.
  • On macOS, the default back end is "System", which represents Apple's Keychain Access password management system.
  • On Linux, the default back end is "EncryptedFile". Linux can also use "KWallet" or "LibSecret" backends if they are available.
  • The "EncryptedFile" back end is available on all platforms and the Wolfram Cloud.
  • A specific back end may support one or several separate keyrings that store secrets. "Keyring" specifies which of the keyrings is to be used.
  • Depending on the back end used, a specific keyring may need to be unlocked to be used. The system will prompt for a password to unlock the keyring if needed.
  • On Windows, the "System" keyring is the only keyring supported by the Windows Credential Manager.
  • On macOS and Linux, it is possible to create multiple keyrings. To manage keyrings, operating systemspecific tools must be used.
  • With the setting "Keyring"Automatic, on macOS, the keyring set by the operating system is used.


open allclose all

Basic Examples  (4)

Give the current SystemCredentialStoreObject:

Change the credential store:

List the key names:

Reset the credential store to the default:

Scope  (2)

A typical default setting for macOS:

A typical default setting for Windows:

A possible setting for Linux:

If no suitable OS-provided keychain is available, an "EncryptedFile" store is used by default:

Generalizations & Extensions  (2)

Give the current SystemCredentialStoreObject:

Set a secret:

List all stored key names:

Temporarily use another credential store without setting it as a default:

Retrieve the value from the default credential store:

Retrieve the value from the alternative credential store:

Introduced in 2020