Expand description
Credential store for pakx login / pakx publish / pakx whoami.
Storage: ~/.pakx/credentials.json (per-user, lazily created). One
struct per known registry — a single user can be logged in to
multiple pakx-registry deployments at once, keyed by base URL.
File permissions: on unix the file is created with mode 0600 at
the open call (not as a post-write chmod) — the previous
std::fs::write then set_permissions flow briefly exposed the
token at the default umask (typically 0o644), readable by any
other local user on a multi-user box.
Atomicity: the body is written to credentials.json.tmp and
renamed into place so a crash mid-write does not leave a
half-written file. On Windows we still rely on the user-profile
ACL — pakx does not mutate ACLs to keep the implementation
portable.
Structs§
- Credentials
- Entry
deny_unknown_fields: a typo incredentials.jsonsurfaces.