Documentation
¶
Overview ¶
Package auth stores and resolves provider credentials. Resolution order (contract §7):
env var → OS keyring → 0600 XDG file fallback
Secrets are read from stdin/env, never argv. The keyring is restricted to OS-NATIVE backends (Keychain / Secret Service / WinCred) — never the passphrase-prompting file backend, which would deadlock a headless agent. When no OS backend exists we fall back to our own 0600 JSON file (and warn on loose perms), not an interactive keyring.
Index ¶
Constants ¶
const ( FieldAPIKey = "api_key" // third-party providers (SerpApi, Rainforest) FieldClientID = "client_id" // official Creators OAuth FieldClientSecret = "client_secret" // official Creators OAuth )
Credential field names.
Variables ¶
This section is empty.
Functions ¶
func Backend ¶
func Backend() string
Backend reports which store is active, for doctor/status display.
func EnvVar ¶
EnvVar returns the environment variable that overrides a stored credential, e.g. provider "serpapi" + FieldAPIKey → "RIVR_SERPAPI_API_KEY".
func InsecureFilePerms ¶
InsecureFilePerms reports whether the fallback credentials file has perms looser than 0600 (group/other bits set), for doctor to warn on.
Types ¶
This section is empty.