car-secrets
Cross-platform secret store for Common Agent Runtime.
What it does
Unifies OS-native secure storage across the three platforms CAR targets:
| Platform | Backend |
|---|---|
| macOS | Security.framework / Keychain Services |
| Windows | Credential Manager (DPAPI) |
| Linux | Secret Service — GNOME Keyring / KWallet / KeePassXC / anything speaking org.freedesktop.secrets |
The API is intentionally small: put, get, delete, status, list. Callers choose a service (namespace) and account (key); values are UTF-8 strings. JSON helpers are provided for structured values.
Availability
On headless Linux without a Secret Service daemon, put / get / delete return SecretError::Unavailable. There is no silent plaintext fallback. Callers should probe is_available() before relying on the store, or handle Unavailable with their own fallback.
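An added example (not code from car-secrets) of the probe-then-handle pattern described above, with a caller-owned fallback that keeps the value in process memory for the session instead of writing plaintext to disk. The `SecretStore` trait, its signatures, `NoDaemon`, `TokenCache` and `Persisted` are hypothetical stand-ins; only the names `put`, `get`, `is_available` and `SecretError::Unavailable` come from this README.

```rust
use std::collections::HashMap;
// Stand-in types, NOT the car-secrets API: only the names put, get, is_available
// and SecretError::Unavailable come from the README; the signatures are assumed.
#[derive(Debug, PartialEq)]
pub enum SecretError { Unavailable }

pub trait SecretStore {
    fn is_available(&self) -> bool;
    fn put(&mut self, service: &str, account: &str, value: &str) -> Result<(), SecretError>;
    fn get(&self, service: &str, account: &str) -> Result<Option<String>, SecretError>;
}

/// Constructed backend modelling headless Linux with no Secret Service daemon.
pub struct NoDaemon;
impl SecretStore for NoDaemon {
    fn is_available(&self) -> bool { false }
    fn put(&mut self, _: &str, _: &str, _: &str) -> Result<(), SecretError> { Err(SecretError::Unavailable) }
    fn get(&self, _: &str, _: &str) -> Result<Option<String>, SecretError> { Err(SecretError::Unavailable) }
}

#[derive(Debug, PartialEq)]
pub enum Persisted { OsStore, SessionOnly }

/// Caller-owned fallback: values live in process memory for this run, never on disk.
pub struct TokenCache<S: SecretStore> { store: S, session: HashMap<(String, String), String> }

impl<S: SecretStore> TokenCache<S> {
    pub fn new(store: S) -> Self { Self { store, session: HashMap::new() } }
    pub fn save(&mut self, service: &str, account: &str, value: &str) -> Persisted {
        // Probe first, but still handle Unavailable: the backend can go away
        // between the probe and the call.
        if self.store.is_available() && self.store.put(service, account, value).is_ok() {
            return Persisted::OsStore;
        }
        self.session.insert((service.to_string(), account.to_string()), value.to_string());
        Persisted::SessionOnly
    }
    pub fn load(&self, service: &str, account: &str) -> Option<String> {
        match self.store.get(service, account) {
            Ok(Some(value)) => Some(value),
            // Not in the OS store, or no store at all: check the session copy.
            Ok(None) | Err(SecretError::Unavailable) =>
                self.session.get(&(service.to_string(), account.to_string())).cloned(),
        }
    }
}

fn main() {
    let mut cache = TokenCache::new(NoDaemon); // service/account/value below are constructed
    println!("{:?}", cache.save("example-app", "oauth", "constructed-token"));
}
```

The `Persisted` return value lets the caller tell the user that the credential will not survive a restart, so the degraded mode stays visible.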
Security boundary
Secrets never enter CAR memory, state, or prompt context unless a caller explicitly reads them and passes them into one of those systems. The store treats a missing backend as a hard error so misconfigured environments are loud, not silently insecure.
Where it fits
Surfaced via the WebSocket secret.* methods. Used by car-integrations for OAuth token storage and by any user app that needs to persist credentials gathered through its own auth flow.