Expand description
Secret storage for DeepSeek API keys.
Provides a small abstraction (KeyringStore) plus a default
implementation backed by the OS keyring (DefaultKeyringStore),
a file-based fallback for headless or unsupported platforms
(FileKeyringStore), and an in-memory store for tests
(InMemoryKeyringStore).
Higher-level lookup through Secrets::resolve checks the keyring first
and falls back to environment variables. Config-file precedence lives in the
config crate so user-facing commands can keep config -> keyring -> env
explicit at the call site.
Structs§
- Default
Keyring Store - OS keyring backend (macOS Keychain, Windows Credential Manager,
Linux Secret Service / kwallet). On platforms without a configured
native keyring dependency, probing this backend returns an unsupported
error so
Secrets::auto_detectcan fall back toFileKeyringStore. - File
Keyring Store - JSON-on-disk fallback for headless environments without a Secret
Service / dbus. Stored at
<home>/.deepseek/secrets/secrets.jsonwith mode0600. - InMemory
Keyring Store - In-memory keyring (tests only).
- Secrets
- High-level façade combining a
KeyringStorewith environment variable fallbacks.
Enums§
- Secret
Source - Source layer that provided a resolved secret.
- Secrets
Error - Errors that may arise from a
KeyringStorebackend.
Constants§
- DEFAULT_
SERVICE - Default OS keychain service name. macOS users can verify entries with
security find-generic-password -s deepseek -a <provider>.
Traits§
- Keyring
Store - Abstract secret store; concrete implementations may use the OS
keyring, a JSON file under
~/.deepseek/secrets/, or an in-memory map (tests).
Functions§
- env_for
- Map a canonical provider name to its environment variable, returning the value if non-empty.