Expand description
Credential loading and management for reverse proxy mode.
Loads API credentials from the system keystore or 1Password at proxy startup.
Credentials are stored in Zeroizing<String> and injected into
requests via headers, URL paths, query parameters, or Basic Auth.
The sandboxed agent never sees the real credentials.
Route-level configuration (upstream URL, L7 endpoint rules, custom TLS CA)
is handled by crate::route::RouteStore, which loads independently of
credentials. This module handles only credential-specific concerns.
Structsยง
- Credential
Store - Credential store for all configured routes.
- Loaded
Credential - A loaded credential ready for injection.
- OAuth2
Route - An OAuth2 route entry: token cache + upstream URL.