Expand description
Credential storage abstraction.
Two implementations:
KeyringCredentialStore- production-grade, OS-native (macOS Keychain, Windows Credential Manager, libsecret on Linux). Uses thekeyringcrate.InMemoryCredentialStore- for unit tests; thread-safe viaparking_lot.
The CredentialStore trait is the seam. CredentialResolver composes a
store with environment-variable fallback so existing env-var users keep
working during the keyring migration.
Structs§
- EnvFallback
Resolver - InMemory
Credential Store - Thread-safe in-memory store for tests.
- Keyring
Credential Store - Production credential store backed by the OS keyring, with an
auxiliary sidecar index that answers
exists()queries without touching the keychain.
Enums§
- Credential
Error - Credential
Kind - Discriminator for the kinds of credentials Flow Studio stores. Used as the account-name prefix so different secret kinds don’t collide on the same service entry.
Constants§
- SERVICE_
NAME - Service name registered with the OS keyring. All Flow Studio credentials
live under this service so
security find-generic-password(macOS) or equivalents on other platforms can list them in one place.
Traits§
- Credential
Resolver - Resolves a credential by trying the configured store first, then falling back to an environment variable. This preserves the v1 cloud-AI experience (env-var-only keys) while letting users migrate to the keyring at their own pace.
- Credential
Store - The seam between Flow code and the OS keyring (or a test double).