auth

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 24, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package auth stores and resolves provider credentials. Resolution order (contract §7):

env var  →  OS keyring  →  0600 XDG file fallback

Secrets are read from stdin/env, never argv. The keyring is restricted to OS-NATIVE backends (Keychain / Secret Service / WinCred) — never the passphrase-prompting file backend, which would deadlock a headless agent. When no OS backend exists we fall back to our own 0600 JSON file (and warn on loose perms), not an interactive keyring.

Index

Constants

View Source
const (
	FieldAPIKey       = "api_key"       // third-party providers (SerpApi, Rainforest)
	FieldClientID     = "client_id"     // official Creators OAuth
	FieldClientSecret = "client_secret" // official Creators OAuth
)

Credential field names.

Variables

This section is empty.

Functions

func Backend

func Backend() string

Backend reports which store is active, for doctor/status display.

func Delete

func Delete(provider string) error

Delete removes ALL local credentials for a provider (keyring + file). Local only.

func EnvVar

func EnvVar(provider, field string) string

EnvVar returns the environment variable that overrides a stored credential, e.g. provider "serpapi" + FieldAPIKey → "RIVR_SERPAPI_API_KEY".

func Get

func Get(provider, field string) (string, error)

Get resolves a credential: env → keyring → file. Returns "" (no error) when unset.

func InsecureFilePerms

func InsecureFilePerms() (bool, string)

InsecureFilePerms reports whether the fallback credentials file has perms looser than 0600 (group/other bits set), for doctor to warn on.

func Set

func Set(provider, field, value string) error

Set persists a credential to the keyring, or the 0600 file fallback.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL