Implement a simple way to hook into local credential stores

[copumpkin]

Not sure if this can be done in nixpkgs or has to be in nix, but I recently added a fetchadc (#4327) fixed-output function that retrieves files from the Apple official developer download site. To use it, you need to put credentials into your config though, and seeing passwords in a cleartext file makes me feel icky. On Mac OS, it's not hard to use the security tool (which is bundled with Mac OS but I conveniently also added to nixpkgs recently in #4326) to look up credentials in the systemwide keychain, which doesn't seem bad to use in a fixed-output derivation, but I don't know how best to hook that into a function that someone could call in their confix.nix. Whatever it ends up being, I assume something similar could be done on linux.

This also seems tangentially related to NixOS/nix#329, although I don't envision the credentials ever making it into the store.

[bluescreen303]

I use systemd-ask-password in my configuration.nix in a systemd service which pipes the answer to the program that needs it. Then I use systemd-tty-ask-password-agent on a tty to supply the password to the service.

[jagajaga]

@copumpkin can't we do that yet? @bluescreen303 answered you?

[joachifm]

Looks to me like this has been answered