Expand description
Secret storage for DeepSeek API keys.
Provides a small abstraction (KeyringStore) plus a default
implementation backed by the OS keyring (DefaultKeyringStore),
a file-based fallback for headless Linux (FileKeyringStore), and
an in-memory store for tests (InMemoryKeyringStore).
Higher-level lookup goes through Secrets::resolve, which checks
the keyring first and falls back to environment variables. The
caller (typically the config crate) then falls back to plaintext
TOML if both are empty — that final layer lives outside this crate
so the precedence is explicit at the call site.
Hard rule: keyring → env → config-file. Never swap.
Structs§
- Default
Keyring Store - OS keyring backend (macOS Keychain, Windows Credential Manager, Linux Secret Service / kwallet).
- File
Keyring Store - JSON-on-disk fallback for headless environments without a Secret
Service / dbus. Stored at
<home>/.deepseek/secrets/secrets.jsonwith mode0600. - InMemory
Keyring Store - In-memory keyring (tests only).
- Secrets
- High-level façade combining a
KeyringStorewith environment variable fallbacks.
Enums§
- Secrets
Error - Errors that may arise from a
KeyringStorebackend.
Constants§
- DEFAULT_
SERVICE - Default OS keychain service name. macOS users can verify entries with
security find-generic-password -s deepseek -a <provider>.
Traits§
- Keyring
Store - Abstract secret store; concrete implementations may use the OS
keyring, a JSON file under
~/.deepseek/secrets/, or an in-memory map (tests).
Functions§
- env_for
- Map a canonical provider name to its environment variable, returning the value if non-empty.