dynamic_grounding_for_github_copilot 0.1.0

//! Example: Secure API key handling
//!
//! This example demonstrates best practices for handling API keys securely.

use dynamic_grounding_for_github_copilot::api_key::{ApiKeyProvider, SecureString};
use dynamic_grounding_for_github_copilot::error;
use std::sync::Arc;

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    // Example 1: Loading from environment variable (recommended)
    println!("Example 1: Environment variable");
    if let Ok(key) = std::env::var("GEMINI_API_KEY") {
        let secure_key = SecureString::new(key);
        println!("✓ API key loaded (length: {})", secure_key.as_str().len());
        // secure_key will be automatically zeroed when it goes out of scope
    } else {
        println!("✗ GEMINI_API_KEY not set");
    }

    // Example 2: Using the SecureString type
    println!("\nExample 2: SecureString");
    {
        let key = SecureString::new("AIzaSyTest123".to_string());
        println!("Key in scope: {} characters", key.as_str().len());
        // Don't print the actual key!
        // println!("Key: {}", key.as_str()); // NEVER DO THIS!
    } // key is now zeroed from memory

    println!("Key out of scope (memory zeroed)");

    // Example 3: Custom API key provider
    println!("\nExample 3: Custom provider");
    struct ConfigFileProvider {
        key: String,
    }

    #[async_trait::async_trait]
    impl ApiKeyProvider for ConfigFileProvider {
        async fn get_key(&self) -> error::Result<SecureString> {
            // In a real implementation, you might:
            // - Read from an encrypted config file
            // - Fetch from a secret management service
            // - Prompt the user securely
            Ok(SecureString::new(self.key.clone()))
        }
    }

    let provider = Arc::new(ConfigFileProvider {
        key: "AIzaSyExample".to_string(),
    });

    let key = provider.get_key().await?;
    println!("✓ Retrieved key from custom provider");
    drop(key); // Explicitly drop to zero memory

    println!("\n⚠️ Security reminders:");
    println!("  1. Never commit API keys to version control");
    println!("  2. Never log or print API keys");
    println!("  3. Use SecureString to zero keys from memory");
    println!("  4. Rotate keys regularly");
    println!("  5. Use environment variables or secret managers");

    Ok(())
}