credentials

package
v0.10.234 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 10, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Package credentials adapts cli-common/credstore to cr's command surface.

Index

Constants

View Source
const (
	// ServiceName is the credential-ref service segment owned by cr.
	ServiceName = "codereview"

	// BackendSourceCredentialStore records that an explicit credential-store
	// destination selected the active credential backend.
	// #nosec G101 -- this is a backend source label, not a secret value.
	BackendSourceCredentialStore credstore.Source = "credential_store"

	// GitTokenKey stores the Git host access token for PAT auth.
	GitTokenKey = "git_token"
	// GitHubAppIDKey is a removed legacy key name. App IDs now belong to
	// non-secret config, not credential bundles.
	// #nosec G101 -- this is a keyring item name, not a secret value.
	GitHubAppIDKey = "github_app_id"
	// GitHubAppPrivateKeyKey stores the GitHub App PEM private key.
	// #nosec G101 -- this is a keyring item name, not a secret value.
	GitHubAppPrivateKeyKey = "github_app_private_key"
	// GitHubAppInstallationIDKey is a removed legacy key name. Installation
	// routing now belongs to review profile config, not credential bundles.
	// #nosec G101 -- this is a keyring item name, not a secret value.
	GitHubAppInstallationIDKey = "github_app_installation_id"
	// AnthropicAPIKeyKey stores the key name for Anthropic direct API adapters.
	// #nosec G101 -- this is a keyring item name, not a secret value.
	AnthropicAPIKeyKey = "anthropic_api_key"
	// OpenAIAPIKeyKey stores the key name for OpenAI direct API adapters.
	// #nosec G101 -- this is a keyring item name, not a secret value.
	OpenAIAPIKeyKey = "openai_api_key"
	// LegacyLLMAPIKeyKey is the pre-matrix generic key. It is intentionally
	// not in the v1 allowlist.
	// #nosec G101 -- this is a keyring item name, not a secret value.
	LegacyLLMAPIKeyKey = "llm_api_key"
)
View Source
const DefaultOnePasswordDiscoveryCommandTimeout = 30 * time.Second

DefaultOnePasswordDiscoveryCommandTimeout bounds each 1Password CLI discovery command.

Variables

View Source
var (
	// ErrWrongService means a credential name points at another CLI's keyring namespace.
	ErrWrongService = errors.New("credentials: credential name uses wrong service")
	// ErrInvalidBackendSelection means a CLI/config backend selector was malformed.
	ErrInvalidBackendSelection = errors.New("credentials: invalid backend selection")
)

Functions

func AllowedKeys

func AllowedKeys() []string

AllowedKeys is cr's keyring write allowlist.

func BackendEnvVar

func BackendEnvVar() string

BackendEnvVar returns cr's backend selector environment variable name.

func BackendMetadata

func BackendMetadata(flagValue string, flagSet bool, cfg config.File) (credstore.Backend, credstore.Source, error)

BackendMetadata reports the selected backend/source without opening the store.

func ExpectedKeysForConfigRef added in v0.1.34

func ExpectedKeysForConfigRef(cfg config.File, ref string) ([]string, error)

ExpectedKeysForConfigRef returns the sorted union of expected keys for supported declarations of ref across profiles. Unsupported matching declarations fail only when no supported declaration contributes keys. An undeclared ref returns nil.

func FindExecutable added in v0.10.234

func FindExecutable(name string, lookPath ExecutableLookPath) (string, error)

FindExecutable resolves an executable with the supplied lookup or os/exec by default.

func FormatRef

func FormatRef(profile string) (string, error)

FormatRef returns the canonical ref for a cr profile segment.

func KeyForPurpose

func KeyForPurpose(ref config.CredentialRef) (string, error)

KeyForPurpose returns the single required keyring key expected for a configured credential location.

func LLMAPIKeyForProvider added in v0.1.34

func LLMAPIKeyForProvider(provider config.LLMProvider) (string, error)

LLMAPIKeyForProvider returns the provider-specific key for API-key LLM auth.

func MissingRequiredKeys added in v0.3.101

func MissingRequiredKeys(status CredentialStatus) []string

MissingRequiredKeys reports required keys that are known-missing.

func OpenResolvedStore added in v0.3.148

func OpenResolvedStore(_ string, flagSet bool, cfg config.File, resolved ResolvedSecretsProfile) (*credstore.Store, error)

OpenResolvedStore opens the resolved service-scoped keyring store.

func OpenStore

func OpenStore(flagValue string, flagSet bool, cfg config.File) (*credstore.Store, error)

OpenStore opens the service-scoped keyring store.

func PlatformOSBackend added in v0.6.174

func PlatformOSBackend(goos string) (credstore.Backend, error)

PlatformOSBackend returns the non-configurable OS credential backend for goos.

func ProbeDetailForError added in v0.10.234

func ProbeDetailForError(err error, status ProbeStatus) string

ProbeDetailForError returns the stable user-facing detail for a probe error.

func RequiredKeysSatisfied added in v0.3.101

func RequiredKeysSatisfied(status CredentialStatus) bool

RequiredKeysSatisfied reports whether every required key is known-present.

func StoreOptions

func StoreOptions(flagValue string, flagSet bool, _ config.File) (credstore.Options, error)

StoreOptions validates backend selectors and returns credstore options.

func StoreOptionsForResolvedStore added in v0.6.174

func StoreOptionsForResolvedStore(flagSet bool, cfg config.File, resolved ResolvedSecretsProfile) (credstore.Options, error)

StoreOptionsForResolvedStore builds credstore options for one resolved credential store.

func TrimSecretIngress

func TrimSecretIngress(value string) string

TrimSecretIngress removes the terminal newline produced by echo/heredocs without treating other whitespace as disposable.

func ValidateAllowedKey

func ValidateAllowedKey(key string) error

ValidateAllowedKey fails when key is not in cr's write allowlist.

func ValidateAllowedKeyForConfig added in v0.1.34

func ValidateAllowedKeyForConfig(cfg config.File, ref, key string) error

ValidateAllowedKeyForConfig validates key globally and, when ref is declared in cfg, against the exact key set for that ref.

Types

type CredentialStatus added in v0.3.101

type CredentialStatus struct {
	Purpose  string
	Ref      string
	Mode     string
	Provider string
	Keys     []KeyStatus
}

CredentialStatus reports declared ref context and per-key presence state.

func CredentialRefStatus added in v0.3.101

func CredentialRefStatus(store KeyStatusStore, ref config.CredentialRef, storeErr error) (CredentialStatus, error)

CredentialRefStatus returns per-key presence state for one declared ref.

func CredentialStatuses added in v0.3.101

func CredentialStatuses(store KeyStatusStore, refs []config.CredentialRef, storeErr error) ([]CredentialStatus, error)

CredentialStatuses returns per-ref, per-key presence state for declared refs.

type ExecutableLookPath added in v0.10.234

type ExecutableLookPath func(string) (string, error)

ExecutableLookPath resolves an executable name.

type KeySpec added in v0.1.34

type KeySpec struct {
	Key      string
	Required bool
}

KeySpec describes one key in a declared credential bundle.

func KeySpecsForPurpose added in v0.1.34

func KeySpecsForPurpose(ref config.CredentialRef) ([]KeySpec, error)

KeySpecsForPurpose returns the exact keyring keys expected for a configured credential location.

type KeyStatus added in v0.3.101

type KeyStatus struct {
	Key      string
	Required bool
	Present  *bool
	Status   string
	Error    string
}

KeyStatus reports the presence state for one declared keyring key.

type KeyStatusStore added in v0.3.101

type KeyStatusStore interface {
	Exists(profile, key string) (bool, error)
}

KeyStatusStore is the read-only store surface needed for credential health inspection.

type OnePasswordCommandRunner added in v0.10.234

type OnePasswordCommandRunner func(context.Context, string, ...string) ([]byte, error)

OnePasswordCommandRunner executes a 1Password CLI command and returns its stdout.

type OnePasswordDesktopDiscovery added in v0.10.234

type OnePasswordDesktopDiscovery struct {
	Accounts []OnePasswordDiscoveredAccount
	Err      error
}

OnePasswordDesktopDiscovery contains discovered 1Password accounts or the account-list error.

func (OnePasswordDesktopDiscovery) AccountChoiceCount added in v0.10.234

func (d OnePasswordDesktopDiscovery) AccountChoiceCount() int

AccountChoiceCount returns the number of displayable discovered accounts.

func (OnePasswordDesktopDiscovery) Counts added in v0.10.234

func (d OnePasswordDesktopDiscovery) Counts() (int, int)

Counts returns the discovered account and vault counts.

func (OnePasswordDesktopDiscovery) HasAccountChoices added in v0.10.234

func (d OnePasswordDesktopDiscovery) HasAccountChoices() bool

HasAccountChoices reports whether discovery returned a displayable account.

func (OnePasswordDesktopDiscovery) HasVaultChoices added in v0.10.234

func (d OnePasswordDesktopDiscovery) HasVaultChoices() bool

HasVaultChoices reports whether any account has a discovered vault.

type OnePasswordDiscoveredAccount added in v0.10.234

type OnePasswordDiscoveredAccount struct {
	ID        string
	Name      string
	URL       string
	Shorthand string
	Email     string
	Vaults    []OnePasswordDiscoveredVault
}

OnePasswordDiscoveredAccount describes an account returned by the 1Password CLI.

func (OnePasswordDiscoveredAccount) CommandValue added in v0.10.234

func (a OnePasswordDiscoveredAccount) CommandValue() string

CommandValue returns the best account identifier for an op --account argument.

func (OnePasswordDiscoveredAccount) DisplayName added in v0.10.234

func (a OnePasswordDiscoveredAccount) DisplayName() string

DisplayName returns the best human-readable account identifier.

func (OnePasswordDiscoveredAccount) Label added in v0.10.234

Label returns the account's display label.

type OnePasswordDiscoveredVault added in v0.10.234

type OnePasswordDiscoveredVault struct {
	ID   string
	Name string
}

OnePasswordDiscoveredVault describes a vault returned by the 1Password CLI.

func ParseOnePasswordVaults added in v0.10.234

func ParseOnePasswordVaults(data []byte) ([]OnePasswordDiscoveredVault, error)

ParseOnePasswordVaults decodes and orders a 1Password CLI vault list.

func (OnePasswordDiscoveredVault) DisplayName added in v0.10.234

func (v OnePasswordDiscoveredVault) DisplayName() string

DisplayName returns the vault name, falling back to its ID.

type OnePasswordDiscovery added in v0.10.234

type OnePasswordDiscovery struct {
	// contains filtered or unexported fields
}

OnePasswordDiscovery discovers desktop-app accounts and vaults through the 1Password CLI.

func NewOnePasswordDiscovery added in v0.10.234

func NewOnePasswordDiscovery(run OnePasswordCommandRunner, timeout time.Duration) OnePasswordDiscovery

NewOnePasswordDiscovery builds a 1Password CLI discovery probe. A nil runner uses os/exec, and a non-positive timeout uses the default.

func (OnePasswordDiscovery) DiscoverDesktop added in v0.10.234

DiscoverDesktop lists 1Password accounts and the accessible vaults in each account.

type ProbeStatus added in v0.10.234

type ProbeStatus string

ProbeStatus classifies credential-backend discovery outcomes.

const (
	// ProbeAvailable means a credential backend probe succeeded.
	ProbeAvailable ProbeStatus = "available"
	// ProbeNotFound means the probed executable or resource was not found.
	ProbeNotFound ProbeStatus = "not found"
	// ProbeSkipped means discovery policy disabled the probe.
	ProbeSkipped ProbeStatus = "skipped"
	// ProbeUnavailable means the probe failed for another reason.
	ProbeUnavailable ProbeStatus = "unavailable"
)

func ProbeStatusForError added in v0.10.234

func ProbeStatusForError(err error) ProbeStatus

ProbeStatusForError classifies a credential-backend probe error.

type Reader added in v0.10.209

type Reader interface {
	Get(profile, key string) (string, error)
}

Reader is the minimal read-only credential surface used by runtime consumers.

func CachingReader added in v0.10.209

func CachingReader(storeID string, base Reader) Reader

CachingReader wraps one underlying reader with a process-local read-through cache. Runtime assembly creates one wrapper per resolved store, so cache entries are isolated by reader instance and keyed by profile/key within that instance.

func NewStoreReader added in v0.10.209

func NewStoreReader(store *credstore.Store) Reader

NewStoreReader adapts a credstore-backed implementation to the read-only seam.

func ProgressCachingReader added in v0.10.209

func ProgressCachingReader(command string, logger *progress.Logger, storeID string, resolved ResolvedSecretsProfile, base Reader) Reader

ProgressCachingReader wraps a caching reader with cache hit/miss breadcrumbs.

func ProgressStoreReader added in v0.10.209

func ProgressStoreReader(command string, logger *progress.Logger, resolved ResolvedSecretsProfile, store *credstore.Store) Reader

ProgressStoreReader adapts a credstore-backed reader and logs backend reads.

type Ref

type Ref struct {
	Service string
	Profile string
	Full    string
}

Ref is a parsed cr credential name.

func ParseRef

func ParseRef(ref string) (Ref, error)

ParseRef validates ref with the shared grammar and cr's service segment.

type ResolvedSecretsProfile added in v0.3.148

type ResolvedSecretsProfile struct {
	ID              string
	Label           string
	Backend         string
	Source          config.EffectiveSecretsProfileSource
	SelectionSource SecretsProfileSelectionSource
}

ResolvedSecretsProfile is the typed runtime store-selection result.

func ResolveCredentialStore added in v0.6.174

func ResolveCredentialStore(cfg config.File, storeID string) (ResolvedSecretsProfile, error)

ResolveCredentialStore resolves one explicit credential-store ID.

func ResolveSecretsProfileForProfile added in v0.3.148

func ResolveSecretsProfileForProfile(cfg config.File, profile config.Profile) (ResolvedSecretsProfile, error)

ResolveSecretsProfileForProfile resolves the effective credential store for one review profile.

func ResolveSecretsProfileForRef added in v0.3.148

func ResolveSecretsProfileForRef(cfg config.File, ref string, selectedProfile string) (ResolvedSecretsProfile, error)

ResolveSecretsProfileForRef resolves the effective credential store for a low-level credential-name write/read, optionally narrowed by the global --profile selection.

func (ResolvedSecretsProfile) DisplayName added in v0.3.148

func (r ResolvedSecretsProfile) DisplayName() string

DisplayName returns the best user-facing label for the resolved store.

func (ResolvedSecretsProfile) Equal added in v0.3.148

Equal reports whether two resolved secrets-profile selections point at the same logical credential store.

func (ResolvedSecretsProfile) IsNamed added in v0.3.148

func (r ResolvedSecretsProfile) IsNamed() bool

IsNamed reports whether the selection came from an explicit named secrets profile.

type SecretsProfileSelectionSource added in v0.3.148

type SecretsProfileSelectionSource string

SecretsProfileSelectionSource identifies why a credential store was selected.

const (
	// SecretsProfileSelectionExplicit means the credential location selected a
	// configured store directly.
	SecretsProfileSelectionExplicit SecretsProfileSelectionSource = "profile"
	// SecretsProfileSelectionBuiltInOS means the credential location selected
	// the built-in OS credential store.
	SecretsProfileSelectionBuiltInOS SecretsProfileSelectionSource = "local_os"
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL