Skip to main content

Crate devboy_storage

Crate devboy_storage 

Source
Expand description

Secure credential storage with multiple backends.

This crate provides credential storage with support for:

  • OS Keychain: macOS Keychain, Windows Credential Manager, Linux Secret Service
  • Environment Variables: For CI/CD and containerized environments
  • Chain Store: Composable fallback between multiple backends

§Credential Resolution Order

When using ChainStore::default_chain(), credentials are resolved in this order:

  1. Environment variables (highest priority, for CI/CD)
    • DEVBOY_{PROVIDER}_TOKEN (e.g., DEVBOY_GITHUB_TOKEN)
    • {PROVIDER}_TOKEN (fallback, e.g., GITHUB_TOKEN)
  2. OS Keychain (for local development)

§Example

use devboy_storage::{ChainStore, CredentialStore};

// Use the default chain (env vars -> keychain)
let store = ChainStore::default_chain();

// This will check DEVBOY_GITHUB_TOKEN, then GITHUB_TOKEN,
// then keychain for "github.token"
let token = store.get("github.token")?;

// Or use keychain directly for local development
use devboy_storage::KeychainStore;
let keychain = KeychainStore::new();
keychain.store("gitlab.token", "glpat-xxx")?;

Re-exports§

pub use cache::CachedStore;

Modules§

cache
In-memory TTL cache layer on top of a CredentialStore.

Structs§

ChainStore
Composable credential store that chains multiple backends.
EnvVarStore
Environment-variable-backed credential store.
KeychainStore
Credential store using the OS keychain.
MemoryStore
In-memory credential store for testing.

Traits§

CredentialStore
Credential storage trait.

Functions§

build_default_store
Build the default credential chain, optionally wrapping the whole thing in a TTL cache. Call this from host binaries (CLI, MCP server entrypoint) so the cache configuration stays consistent.
email_key
Standard credential key for a provider’s email (used by Jira).
token_key
Standard credential key for a provider’s API token.
wrap_with_cache
Build a store on top of a user-provided backend (mainly useful for CI variants or custom test harnesses). Same cache semantics as build_default_store.