rtb-credentials 0.5.1

Rust Tool Base — OS keychain credential storage.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

//! Config-serialisable reference to a credential.

use secrecy::SecretString;
use serde::Deserialize;

/// Declarative reference to a credential that the [`Resolver`] walks
/// through the documented precedence chain:
/// `env` > `keychain` > `literal` > `fallback_env`.
///
/// Downstream tools carry this in their config structs, e.g.
///
/// ```
/// use rtb_credentials::CredentialRef;
///
/// #[derive(serde::Deserialize)]
/// struct AnthropicCfg {
///     api: CredentialRef,
/// }
/// ```
///
/// [`Resolver`]: crate::resolver::Resolver
/// `Serialize` is deliberately **not** derived: `SecretString` does
/// not implement `Serialize` (secrecy crate removed it to prevent
/// blind round-trip leaks). Tools writing credentials to config
/// should go through a dedicated "write secret" path that redacts
/// or skips the literal.
#[derive(Debug, Clone, Default, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct CredentialRef {
    /// Name of an environment variable carrying the secret.
    /// Checked first.
    #[serde(default)]
    pub env: Option<String>,

    /// OS-keychain lookup descriptor. Checked second.
    #[serde(default)]
    pub keychain: Option<KeychainRef>,

    /// Literal secret embedded in config. Checked third. Refused
    /// when the process is running under `CI=true` (see
    /// [`CredentialError::LiteralRefusedInCi`]).
    ///
    /// Note: `SecretString` round-trips through serde with the
    /// secrecy crate's `serde` feature. The raw value is zeroed on
    /// drop and redacted in `Debug`.
    ///
    /// [`CredentialError::LiteralRefusedInCi`]: crate::error::CredentialError::LiteralRefusedInCi
    #[serde(default)]
    pub literal: Option<SecretString>,

    /// Name of an ecosystem-default env var used as a last-chance
    /// fallback (e.g. `ANTHROPIC_API_KEY`). Checked last.
    #[serde(default)]
    pub fallback_env: Option<String>,
}

/// Reference to an entry in an OS keychain.
#[derive(Debug, Clone, Deserialize, serde::Serialize)]
#[serde(deny_unknown_fields)]
pub struct KeychainRef {
    /// Keychain "service" / collection name — typically the tool's
    /// name (`mytool`) or a provider identifier (`anthropic`).
    pub service: String,
    /// Account / username component — typically the user's login or
    /// an API-provider identifier (`default`).
    pub account: String,
}