Documentation
¶
Overview ¶
Package keychain provides cross-platform secure storage for secrets. macOS uses the system Keychain; Linux uses AES-256-GCM encrypted files; Windows uses DPAPI + registry.
Index ¶
Constants ¶
View Source
const ( // LarkCliService is the unified keychain service name for all secrets // (both AppSecret and UAT). Entries are distinguished by account key format: // - AppSecret: "appsecret:<appId>" // - UAT: "<appId>:<userOpenId>" LarkCliService = "lark-cli" )
Variables ¶
This section is empty.
Functions ¶
func Get ¶
Get retrieves a value from the keychain. Returns empty string if the entry does not exist.
func StorageDir ¶
StorageDir returns the storage directory for a given service name. Each service gets its own directory for physical isolation.
Types ¶
type KeychainAccess ¶
type KeychainAccess interface {
Get(service, account string) (string, error)
Set(service, account, value string) error
Remove(service, account string) error
}
KeychainAccess abstracts keychain Get/Set/Remove for dependency injection. Used by AppSecret operations (ForStorage, ResolveSecretInput, RemoveSecretStore). UAT operations in token_store.go use the package-level Get/Set/Remove directly.
func Default ¶
func Default() KeychainAccess
Default returns a KeychainAccess backed by the real platform keychain.
Source Files
Click to show internal directories.
Click to hide internal directories.