Expand description
Secret storage for CodeWhale API keys.
Provides a small abstraction (KeyringStore) plus a default
file-based implementation (FileKeyringStore), an opt-in OS keyring
implementation (DefaultKeyringStore), and an in-memory store for tests
(InMemoryKeyringStore).
Higher-level lookup through Secrets::resolve checks the secret store first
and falls back to environment variables. Config-file precedence lives in the
config crate so user-facing commands can keep config -> secret store -> env
explicit at the call site.
Structs§
- Default
Keyring Store - OS-native keyring backend.
- File
Keyring Store - JSON-on-disk secret store for headless environments.
- InMemory
Keyring Store - In-memory keyring store for tests.
- Secrets
- High-level facade combining a
KeyringStorewith environment variable fallbacks.
Enums§
- Secret
Source - Identifies which layer in the resolution chain supplied a secret.
- Secrets
Error - Errors that may arise from a
KeyringStorebackend.
Constants§
- DEFAULT_
SERVICE - Default OS keychain service name. Kept as
deepseekfor compatibility with credentials saved before the CodeWhale rename. macOS users can verify entries withsecurity find-generic-password -s deepseek -a <provider>. - LEGACY_
SECRET_ BACKEND_ ENV - Legacy alias for
SECRET_BACKEND_ENV. - SECRET_
BACKEND_ ENV - Select the secret storage backend. Supported values are
file(default) andsystem/keyringfor the OS credential store.
Traits§
- Keyring
Store - Abstract secret store trait.
Functions§
- env_for
- Map a canonical provider name to its environment variable(s), returning the first non-empty value found.