Expand description
Cross-platform secret store for Common Agent Runtime.
Unifies OS-native secure storage across the three platforms CAR targets:
- macOS —
/usr/bin/securityover Keychain Services - Windows — Credential Manager (DPAPI)
- Linux — Secret Service (GNOME Keyring / KWallet / KeePassXC /
anything else that speaks
org.freedesktop.secrets)
The API is intentionally small: put, get, delete, status, list.
Callers choose a namespace (service) and a key (account); values are
UTF-8 strings. JSON helpers are provided for structured values.
§Availability
On headless Linux without a Secret Service daemon, put/get/delete
return SecretError::Unavailable. This is explicit: there is no silent
plaintext fallback. Callers should probe [is_available] before relying on
the store, or handle Unavailable with their own fallback.
§Security boundary
Secrets never enter CAR memory, state, or prompt context unless a caller explicitly reads them and passes them into one of those systems. The store treats a missing backend as a hard error so misconfigured environments are loud, not silently insecure.
Structs§
- Availability
Check - Result of
SecretStore::availability—availablemirrors whatis_availablereturns, andreasoncarries the platform-specific detail (e.g. “no Secret Service daemon”, “keychain locked”) so the FFI surface can report an actionable message instead of a bare boolean. - Secret
Ref - Logical handle for a secret — (service, key) pair.
- Secret
Status - Status of an entry — no value data, safe to log.
- Secret
Store - Cross-platform secret store backed by the host OS keychain.
Enums§
- Secret
Error - Errors the secret store can produce.
Constants§
- DEFAULT_
SERVICE - Default service (namespace) used when callers don’t supply one.
Functions§
- resolve_
env_ or_ keychain - Resolve a raw key value for
env_varfrom the standard CAR sources, in priority order: