Expand description
Pluggable credential storage backends (keychain, file, auto). Injectable credential storage backends.
Auth providers persist credentials through the CredentialStorage trait
rather than talking to a keychain or the filesystem directly. This decouples
what is stored (a provider’s serialized token) from where it is stored,
so a single storage backend can be shared across providers and swapped out —
for tests, or to disable the system keychain on machines where it is
unavailable (headless Linux, WSL).
Backends map one-to-one onto CredentialStore modes:
FileStorage— unencrypted JSON under the config base directory. Always available; needs no system dependencies.KeyringStorage— the system keychain only (requires thepkce-authfeature and thekeyringcrate).AutoStorage— keychain with a transparent file fallback when the keychain backend is unavailable (requirespkce-auth).
default_storage picks a backend from the resolved
CredentialStore mode (CLI flag, env var,
config file, or the Keyring default); see crate::config.
Structs§
- Credential
Key - Identifies a single stored credential.
- File
Storage - Unencrypted file-based credential storage.
Traits§
- Credential
Storage - A pluggable place to persist a provider’s serialized credential.
Functions§
- default_
storage - Resolves the configured
CredentialStoreforapp_idand builds the matching backend. - storage_
for - Builds the credential storage backend for
mode.