1 files changed, 29 insertions, 17 deletions

diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi
index e4254faabb9..829d7f4fa03 100644
--- a/doc/misc/auth.texi
+++ b/doc/misc/auth.texi
@@ -191,7 +191,7 @@ get fancy, the default and simplest configuration is:
 (setq auth-sources '("secrets:Login"))
 ;;; use pass (@file{~/.password-store})
 ;;; (@pxref{The Unix password store})
-(setq auth-sources '(password-store))
+(auth-source-pass-enable)
 ;;; JSON data in format [@{ "machine": "SERVER",
 ;;; "login": "USER", "password": "PASSWORD" @}...]
 (setq auth-sources '("~/.authinfo.json.gpg"))
@@ -305,7 +305,8 @@ The @dfn{Secret Service API} is a standard from
 to securely store passwords and other confidential information.  This
 API is implemented by system daemons such as the GNOME Keyring and the
 KDE Wallet (these are GNOME and KDE packages respectively and should
-be available on most modern GNU/Linux systems).
+be available on most modern GNU/Linux systems).  It has been tested
+also with KeePassXC.
 
 The auth-source library uses the @file{secrets.el} library to connect
 through the Secret Service API@.  You can also use that library in
@@ -360,15 +361,19 @@ Collections can be created and deleted by the functions
 Usually, this is not done from within Emacs.  Do not delete standard
 collections such as @code{"login"}.
 
-The special collection @code{"session"} exists for the lifetime of the
-corresponding client session (in our case, Emacs's lifetime).  It is
-created automatically when Emacs uses the Secret Service interface and
-it is deleted when Emacs is killed.  Therefore, it can be used to
-store and retrieve secret items temporarily.  The @code{"session"}
-collection is better than a persistent collection when the secret
-items should not live longer than Emacs.  The session collection can
-be specified either by the string @code{"session"}, or by @code{nil},
-whenever a collection parameter is needed in the following functions.
+With GNOME Keyring, there exists a special collection called
+@code{"session"}, which has the lifetime of the user being logged in.
+Its data are not stored on disk and go away when the user logs out.
+Therefore, it can be used to store and retrieve secret items
+temporarily.  The @code{"session"} collection is better than a
+persistent collection when the secret items should not live
+permanently.  The @code{"session"} collection can be addressed either
+by the string @code{"session"}, or by @code{nil}, whenever a
+collection parameter is needed.
+
+However, other Secret Service provider don't create this temporary
+@code{"session"} collection.  You shall check first that this
+collection exists, before you use it.
 
 @defun secrets-list-items collection
 Returns all the item labels of @var{collection} as a list.
@@ -382,7 +387,7 @@ pairs set for the created item.  The keys are keyword symbols,
 starting with a colon.  Example:
 
 @example
-;;; The session is "session", the label is "my item"
+;;; The collection is "session", the label is "my item"
 ;;; and the secret (password) is "geheim".
 (secrets-create-item "session" "my item" "geheim"
  :method "sudo" :user "joe" :host "remote-host")
@@ -574,10 +579,7 @@ from Gnus's @code{nnimap.el}.
                                            :create t))))
     (if found
         (list (plist-get found :user)
-              (let ((secret (plist-get found :secret)))
-                (if (functionp secret)
-                    (funcall secret)
-                  secret))
+              (auth-info-password found)
               (plist-get found :save-function))
       nil)))
 @end example
@@ -597,7 +599,7 @@ Later, after a successful login, @code{nnimap.el} calls the
 
 @example
 (when (functionp (nth 2 credentials))
-   (funcall (nth 2 credentials)))
+  (funcall (nth 2 credentials)))
 @end example
 
 This will work whether the @code{:save-function} was provided or not.
@@ -632,6 +634,16 @@ This function forgets any cached data matching @var{spec}.
 It returns the number of items forgotten.
 @end defun
 
+@defun auth-source-pick-first-password &rest spec
+This function returns the password of the first record found by
+applying @code{auth-source-search} to @var{spec}.
+@end defun
+
+@defun auth-info-password auth-info
+This function extracts the password string from the @var{auth-info}
+record.
+@end defun
+
 @node GnuPG and EasyPG Assistant Configuration
 @appendix GnuPG and EasyPG Assistant Configuration