Documentation
¶
Overview ¶
Package keyring wraps the zalando/go-keyring package with timeouts and provides a service-credential registry for fetching, parsing, and validating secrets stored in the OS keychain.
Raw operations (Set, Get, Delete) live in this file. Service definitions and the generic pipeline live in service.go. Per-service types and accessors live in their own files (e.g. claude_code.go).
TODO: Give attribution to gh authors
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrTokenExpired indicates the credential's expiry timestamp is in the past. ErrTokenExpired = errors.New("token has expired") // ErrInvalidSchema indicates the raw keyring value could not be parsed into the // expected credential struct (e.g. malformed JSON). ErrInvalidSchema = errors.New("credential data does not match expected schema") // ErrEmptyCredential indicates the keyring entry exists but contains an empty value. ErrEmptyCredential = errors.New("credential is empty") )
Sentinel errors returned by the service-credential pipeline.
var ErrNotFound = errors.New("secret not found in keyring")
ErrNotFound is returned when no secret exists for the given service+user.
Functions ¶
func MockInitWithError ¶
func MockInitWithError(err error)
MockInitWithError sets up an in-memory keyring backend that returns err for every operation.
Types ¶
type ClaudeAiOauth ¶
type ClaudeAiOauth struct {
AccessToken string `json:"accessToken"`
RefreshToken string `json:"refreshToken"`
ExpiresAt int64 `json:"expiresAt"`
Scopes []string `json:"scopes"`
SubscriptionType string `json:"subscriptionType"`
RateLimitTier string `json:"rateLimitTier"`
}
ClaudeAiOauth contains the OAuth token fields within ClaudeCodeCredentials.
type ClaudeCodeCredentials ¶
type ClaudeCodeCredentials struct {
ClaudeAiOauth ClaudeAiOauth `json:"claudeAiOauth"`
OrganizationUUID uuid.UUID `json:"organizationUuid"`
}
ClaudeCodeCredentials is the top-level JSON schema stored in the OS keychain by Claude Code under the service name "Claude Code-credentials".
func GetClaudeCodeCredentials ¶
func GetClaudeCodeCredentials() (*ClaudeCodeCredentials, error)
GetClaudeCodeCredentials fetches, parses, and validates the current user's Claude Code credentials from the OS keychain.
type ServiceDef ¶
type ServiceDef[T any] struct { // ServiceName is the keyring service identifier (e.g. "Claude Code-credentials"). ServiceName string // User returns the keyring username for this service. // Most services use currentOSUser; some may hard-code or derive a value. User func() (string, error) // Parse converts the raw keyring string into a typed credential. // Return an error if the data does not match the expected schema. Parse func(raw string) (*T, error) // Validate performs service-specific checks on the parsed credential // (e.g. expiry). Nil means no validation. Validate func(*T) error }
ServiceDef describes how to fetch, parse, and validate a credential of type T.
Each service (Claude Code, GitHub CLI, etc.) defines one of these as a package-level var and exposes a thin public function that calls getCredential.
type TimeoutError ¶
type TimeoutError struct {
// contains filtered or unexported fields
}
TimeoutError is returned when a keyring operation exceeds the deadline.
func (*TimeoutError) Error ¶
func (e *TimeoutError) Error() string
Source Files