Struct FileKeyringStore 

pub struct FileKeyringStore { /* private fields */ }

JSON-on-disk secret store for headless environments.

This is the default backend. Secrets are serialised as a JSON object at <home>/.codewhale/secrets/secrets.json with Unix file mode 0600 (owner read/write only). The parent directory is created with mode 0700 if it does not exist.

On Unix, the store rejects files whose permissions are more permissive than 0600 (i.e. group or world bits are set). This prevents other users on the system from reading stored credentials. On Windows, the ACL model is too different to enforce programmatically; callers are responsible for placing the file in a per-user directory.

Implementations

impl FileKeyringStore

pub fn new(path: impl Into<PathBuf>) -> Self

Build a store backed by the given JSON file path.

pub fn default_path() -> Result<PathBuf, SecretsError>

Default path: <home>/.codewhale/secrets/secrets.json. Honours CODEWHALE_HOME, then HOME, USERPROFILE, and finally the platform home directory from the dirs crate. On first use, non-conflicting entries from the legacy <home>/.deepseek/secrets/secrets.json file are copied into the CodeWhale store.

pub fn path(&self) -> &Path

Path used for storage.

Trait Implementations

impl Clone for FileKeyringStore

fn clone(&self) -> FileKeyringStore

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for FileKeyringStore

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl KeyringStore for FileKeyringStore

fn get(&self, key: &str) -> Result<Option<String>, SecretsError>

Read a secret by key.

fn set(&self, key: &str, value: &str) -> Result<(), SecretsError>

Write a secret, replacing any existing value for the same key.

fn delete(&self, key: &str) -> Result<(), SecretsError>

Remove a secret by key.

fn backend_name(&self) -> &'static str

Short, human-readable label for this backend.