car-secrets 0.24.1

Cross-platform secret store for Common Agent Runtime
# car-secrets

Cross-platform secret store for [Common Agent Runtime](https://github.com/Parslee-ai/car).

## What it does

Unifies OS-native secure storage across the three platforms CAR targets:

| Platform | Backend |
|----------|---------|
| macOS    | `/usr/bin/security` over Keychain Services |
| Windows  | Credential Manager (DPAPI) |
| Linux    | Secret Service — GNOME Keyring / KWallet / KeePassXC / anything speaking `org.freedesktop.secrets` |

The API is intentionally small: `put`, `get`, `delete`, `status`, `list`. Callers choose a `service` (namespace) and `account` (key); values are UTF-8 strings. JSON helpers are provided for structured values.

## Availability

On headless Linux without a Secret Service daemon, `put` / `get` / `delete` return `SecretError::Unavailable`. **There is no silent plaintext fallback.** Callers should probe `is_available()` before relying on the store, or handle `Unavailable` with their own fallback.

## Security boundary

Secrets never enter CAR memory, state, or prompt context unless a caller **explicitly** reads them and passes them into one of those systems. The store treats a missing backend as a hard error so misconfigured environments are loud, not silently insecure.

## Where it fits

Surfaced via the WebSocket `secret.*` methods. Used by `car-integrations` for OAuth token storage and by any user app that needs to persist credentials gathered through its own auth flow.

On macOS, `car-secrets` uses the Apple-signed `/usr/bin/security` helper for reads, writes, status checks, and deletes. Reads parse the helper's byte-preserving `-g` output so valid UTF-8 values, including trailing newlines, round-trip without repeated Keychain prompts when rebuilt CAR helper binaries get new CDHashes.
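The round-trip property described above can be seen in a small parser for the helper's `password:` line. This is an added example, not code from `car-secrets`: `parse_password_line` and `ParseError` are hypothetical names, the sample output is constructed, and the line shapes listed in the leading comment are an assumption about what `security find-generic-password -g` prints.

```rust
// Added example, not car-secrets' own parser. Assumed `-g` line shapes:
//   password: "printable value"      (shown verbatim between the quotes)
//   password: 0x746F6B0A  "tok\012"  (hex of the raw bytes, then an escaped view)
//   password:                        (empty value)
#[derive(Debug, PartialEq)]
pub enum ParseError { NoPasswordLine, BadHex, UnterminatedQuote, NotUtf8 }

fn hex_val(b: u8) -> Option<u8> {
    (b as char).to_digit(16).map(|d| d as u8)
}

/// Hypothetical helper: recover the stored value from the helper's output bytes.
pub fn parse_password_line(output: &[u8]) -> Result<String, ParseError> {
    const PREFIX: &[u8] = b"password: ";
    let line = output
        .split(|&b| b == b'\n')
        .find(|l| l.starts_with(PREFIX))
        .ok_or(ParseError::NoPasswordLine)?;
    let rest = &line[PREFIX.len()..];
    let bytes: Vec<u8> = if let Some(hex) = rest.strip_prefix(b"0x") {
        // Hex form: decode only the hex digits; the quoted tail is a display aid.
        let end = hex.iter().position(|b| b.is_ascii_whitespace()).unwrap_or(hex.len());
        let digits = &hex[..end];
        if digits.len() % 2 != 0 {
            return Err(ParseError::BadHex);
        }
        digits
            .chunks(2)
            .map(|p| -> Option<u8> { Some(hex_val(p[0])? << 4 | hex_val(p[1])?) })
            .collect::<Option<Vec<u8>>>()
            .ok_or(ParseError::BadHex)?
    } else if let Some(quoted) = rest.strip_prefix(b"\"") {
        // Quoted form: everything up to the final quote is the value, unescaped.
        quoted.strip_suffix(b"\"").ok_or(ParseError::UnterminatedQuote)?.to_vec()
    } else if rest.is_empty() {
        Vec::new()
    } else {
        return Err(ParseError::NoPasswordLine);
    };
    // Values are UTF-8 strings: reject other bytes instead of decoding lossily.
    String::from_utf8(bytes).map_err(|_| ParseError::NotUtf8)
}

fn main() {
    // Constructed sample output; the value ends in a newline, so it arrives as hex.
    let sample = b"password: 0x746F6B0A  \"tok\\012\"\n";
    println!("{:?}", parse_password_line(sample));
}
```

Decoding the hex digits instead of the escaped rendering is what keeps a trailing newline or multi-byte UTF-8 sequence intact, and the strict UTF-8 check turns a corrupted or non-string item into an error the caller sees.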