keychain

package

v1.0.5 Latest Latest Go to latest Published: Apr 7, 2026 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/larksuite/cli

Links

Documentation ¶

Rendered for

Overview ¶

Package keychain provides cross-platform secure storage for secrets. macOS uses the system Keychain; Linux uses AES-256-GCM encrypted files; Windows uses DPAPI + registry.

Index ¶

Constants
Variables
func FormatAuthCmdline(args []string) string
func Get(service, account string) (string, error)
func LogAuthError(component, op string, err error)
func LogAuthResponse(path string, status int, logID string)
func Remove(service, account string) error
func Set(service, account, data string) error
func SetAuthLogHooksForTest(logger *log.Logger, now func() time.Time, args func() []string) func()
func StorageDir(service string) string
type KeychainAccess
- func Default() KeychainAccess

Constants ¶

View Source

const (
	// LarkCliService is the unified keychain service name for all secrets
	// (both AppSecret and UAT). Entries are distinguished by account key format:
	//   - AppSecret: "appsecret:<appId>"
	//   - UAT:       "<appId>:<userOpenId>"
	LarkCliService = "lark-cli"
)

Variables ¶

View Source

var (
	// ErrNotFound is returned when the requested credential is not found.
	ErrNotFound = errors.New("keychain: item not found")
)

Functions ¶

func FormatAuthCmdline ¶ added in v1.0.4

func FormatAuthCmdline(args []string) string

func Get ¶

func Get(service, account string) (string, error)

Get retrieves a value from the keychain. Returns empty string if the entry does not exist.

func LogAuthError ¶ added in v1.0.4

func LogAuthError(component, op string, err error)

func LogAuthResponse ¶ added in v1.0.4

func LogAuthResponse(path string, status int, logID string)

func Remove ¶

func Remove(service, account string) error

Remove deletes an entry from the keychain. No error if not found.

func Set ¶

func Set(service, account, data string) error

Set stores a value in the keychain, overwriting any existing entry.

func SetAuthLogHooksForTest ¶ added in v1.0.4

func SetAuthLogHooksForTest(logger *log.Logger, now func() time.Time, args func() []string) func()

func StorageDir ¶

func StorageDir(service string) string

StorageDir returns the directory where encrypted files are stored.

Types ¶

type KeychainAccess ¶

type KeychainAccess interface {
	Get(service, account string) (string, error)
	Set(service, account, value string) error
	Remove(service, account string) error
}

KeychainAccess abstracts keychain Get/Set/Remove for dependency injection. Used by AppSecret operations (ForStorage, ResolveSecretInput, RemoveSecretStore). UAT operations in token_store.go use the package-level Get/Set/Remove directly.

func Default ¶

func Default() KeychainAccess

Default returns a KeychainAccess backed by the real platform keychain.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL