Documentation
¶
Overview ¶
Package credentials adapts cli-common/credstore to cr's command surface.
Index ¶
- Constants
- Variables
- func AllowedKeys() []string
- func BackendEnvVar() string
- func BackendMetadata(flagValue string, flagSet bool, cfg config.File) (credstore.Backend, credstore.Source, error)
- func ExpectedKeysForConfigRef(cfg config.File, ref string) ([]string, error)
- func FormatRef(profile string) (string, error)
- func KeyForPurpose(ref config.CredentialRef) (string, error)
- func LLMAPIKeyForProvider(provider config.LLMProvider) (string, error)
- func OpenStore(flagValue string, flagSet bool, cfg config.File) (*credstore.Store, error)
- func StoreOptions(flagValue string, flagSet bool, cfg config.File) (credstore.Options, error)
- func TrimSecretIngress(value string) string
- func ValidateAllowedKey(key string) error
- func ValidateAllowedKeyForConfig(cfg config.File, ref, key string) error
- type KeySpec
- type Ref
Constants ¶
const ( // ServiceName is the credential-ref service segment owned by cr. ServiceName = "codereview" // GitTokenKey stores the Git host access token for PAT auth. GitTokenKey = "git_token" // AnthropicAPIKeyKey stores the key name for Anthropic direct API adapters. // #nosec G101 -- this is a keyring item name, not a secret value. AnthropicAPIKeyKey = "anthropic_api_key" // OpenAIAPIKeyKey stores the key name for OpenAI direct API adapters. // #nosec G101 -- this is a keyring item name, not a secret value. OpenAIAPIKeyKey = "openai_api_key" // LegacyLLMAPIKeyKey is the pre-matrix generic key. It is intentionally // not in the v1 allowlist. // #nosec G101 -- this is a keyring item name, not a secret value. LegacyLLMAPIKeyKey = "llm_api_key" )
Variables ¶
var ( // ErrWrongService means a credential ref points at another CLI's keyring namespace. ErrWrongService = errors.New("credentials: credential ref uses wrong service") // ErrInvalidBackendSelection means a CLI/config backend selector was malformed. ErrInvalidBackendSelection = errors.New("credentials: invalid backend selection") )
Functions ¶
func BackendEnvVar ¶
func BackendEnvVar() string
BackendEnvVar returns cr's backend selector environment variable name.
func BackendMetadata ¶
func BackendMetadata(flagValue string, flagSet bool, cfg config.File) (credstore.Backend, credstore.Source, error)
BackendMetadata reports the selected backend/source without opening the store.
func ExpectedKeysForConfigRef ¶ added in v0.1.34
ExpectedKeysForConfigRef returns the sorted union of expected keys for supported declarations of ref across profiles. Unsupported matching declarations fail only when no supported declaration contributes keys. An undeclared ref returns nil.
func KeyForPurpose ¶
func KeyForPurpose(ref config.CredentialRef) (string, error)
KeyForPurpose returns the single required keyring key expected for a config credential ref.
func LLMAPIKeyForProvider ¶ added in v0.1.34
func LLMAPIKeyForProvider(provider config.LLMProvider) (string, error)
LLMAPIKeyForProvider returns the provider-specific key for API-key LLM auth.
func StoreOptions ¶
StoreOptions validates backend selectors and returns credstore options.
func TrimSecretIngress ¶
TrimSecretIngress removes the terminal newline produced by echo/heredocs without treating other whitespace as disposable.
func ValidateAllowedKey ¶
ValidateAllowedKey fails when key is not in cr's write allowlist.
Types ¶
type KeySpec ¶ added in v0.1.34
KeySpec describes one key in a declared credential bundle.
func KeySpecsForPurpose ¶ added in v0.1.34
func KeySpecsForPurpose(ref config.CredentialRef) ([]KeySpec, error)
KeySpecsForPurpose returns the exact keyring keys expected for a config credential ref.