Documentation
¶
Overview ¶
Package keyring provides secure credential storage using the OS keychain (macOS Keychain, Linux Secret Service, Windows Credential Manager) with automatic fallback to environment variables.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrNotFound = errors.New("credential not found")
ErrNotFound is returned when no credential exists for the requested service.
Functions ¶
func EnvVar ¶
func EnvVar(service ServiceName) string
EnvVar returns the environment variable name for a service.
func IsKnownService ¶
func IsKnownService(s ServiceName) bool
IsKnownService reports whether s is a recognized service name.
func Label ¶
func Label(service ServiceName) string
Label returns the human-readable label for a service.
Types ¶
type CredentialInfo ¶
type CredentialInfo struct {
Service ServiceName `json:"service"`
Label string `json:"label"`
Status CredentialStatus `json:"status"`
Source CredentialSource `json:"source"`
MaskedValue string `json:"masked_value"` // "sk-ant...3f7x"
}
CredentialInfo describes a credential without revealing its value.
type CredentialSource ¶
type CredentialSource string
CredentialSource describes where a credential was loaded from.
const ( SourceKeyring CredentialSource = "keyring" SourceEnv CredentialSource = "env" SourceNone CredentialSource = "none" )
type CredentialStatus ¶
type CredentialStatus string
CredentialStatus represents the state of a credential.
const ( StatusConfigured CredentialStatus = "configured" StatusNotConfigured CredentialStatus = "not_configured" StatusEnvVar CredentialStatus = "env_var" )
type MockStore ¶
type MockStore struct {
// contains filtered or unexported fields
}
MockStore is an in-memory Store for testing.
func NewMockStore ¶
func NewMockStore(initial map[ServiceName]string) *MockStore
NewMockStore creates a MockStore with optional pre-set secrets.
func (*MockStore) Delete ¶
func (m *MockStore) Delete(service ServiceName) error
func (*MockStore) List ¶
func (m *MockStore) List() []CredentialInfo
type OSStore ¶
type OSStore struct {
// contains filtered or unexported fields
}
OSStore implements Store using the OS keychain with env var fallback.
func NewOSStore ¶
func NewOSStore() *OSStore
NewOSStore creates a Store backed by the OS keychain. If the keychain is not accessible (headless Linux, etc.), it falls back to env-var-only mode.
func (*OSStore) Delete ¶
func (s *OSStore) Delete(service ServiceName) error
func (*OSStore) List ¶
func (s *OSStore) List() []CredentialInfo
type ServiceName ¶
type ServiceName string
ServiceName identifies a credential service.
const ( ServiceAnthropic ServiceName = "anthropic" ServiceGoogleGemini ServiceName = "google-gemini" ServiceDevKnowledge ServiceName = "dev-knowledge" ServiceGitHubPAT ServiceName = "github-pat" ServiceSourcegraph ServiceName = "sourcegraph" ServiceSlack ServiceName = "slack-bot" ServiceDeepWikiDevin ServiceName = "deepwiki-devin" )
type Store ¶
type Store interface {
// Get returns the secret for a service. Checks keyring first, then env var.
// Returns ErrNotFound if the credential is not configured anywhere.
Get(service ServiceName) (string, error)
// Set stores a secret in the OS keyring.
Set(service ServiceName, value string) error
// Delete removes a secret from the OS keyring.
Delete(service ServiceName) error
// List returns status info for all known services (no secret values).
List() []CredentialInfo
// Available reports whether the OS keyring is accessible.
Available() bool
}
Store is the interface for credential storage.
Source Files