f3ada0be88
Adds the `deepseek-secrets` crate with the OS keyring backend, in-memory store for tests, and a JSON-on-disk fallback for headless environments. The Secrets façade collapses keyring -> env into a single resolver; callers layer on CLI flags above and TOML config below to preserve the keyring -> env -> config-file precedence. * `KeyringStore` trait + `DefaultKeyringStore` (keyring 3.6 with per-platform native features). * `InMemoryKeyringStore` for unit tests. * `FileKeyringStore` writes ~/.deepseek/secrets/secrets.json with mode 0600 on unix; rejects world-readable files at read time. * `Secrets::auto_detect` probes the OS keyring and falls back to the file store on headless Linux. * 9 unit tests covering round-trips, precedence, and 0600 perms. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
# Manifest for the secret-storage crate. Shared package metadata is inherited
# from the workspace root so it cannot drift between member crates.
[package]
name = "deepseek-secrets"
version.workspace = true
edition.workspace = true
license.workspace = true
repository.workspace = true
description = "Secret storage backends (OS keyring with file fallback) for DeepSeek workspace"

# Platform-independent dependencies; version requirements are declared once in
# the workspace manifest.
# NOTE(review): serde/serde_json and dirs presumably serve the on-disk fallback
# store named in the description; confirm against the crate source.
# tracing sits next to credential handling, so secret values must stay out of
# log events and span fields.
[dependencies]
dirs.workspace = true
serde.workspace = true
serde_json.workspace = true
thiserror.workspace = true
tracing.workspace = true

# OS keyring backend. keyring 3.x enables no credential store by default, so
# each supported OS opts in to its native backend below; a build without one
# would get keyring's mock store, which does not persist secrets.
# No keyring dependency is declared for any other target, so code that uses it
# has to be cfg-gated to these three operating systems.
# NOTE(review): the "3" requirement is repeated three times and accepts any
# 3.x release. Keep the entries in step (or hoist the version into the
# workspace) so every platform resolves the same keyring, and raise the floor
# if the code depends on a later 3.x API.
[target.'cfg(target_os = "macos")'.dependencies]
keyring = { version = "3", features = ["apple-native"] }

[target.'cfg(target_os = "windows")'.dependencies]
keyring = { version = "3", features = ["windows-native"] }

# Linux: kernel keyutils combined with the Secret Service over D-Bus
# (synchronous client) for persistence; crypto-rust selects the pure-Rust
# crypto implementation for the Secret Service session instead of OpenSSL.
# NOTE(review): headless hosts often have no Secret Service running; verify
# that the file fallback is what takes over there.
[target.'cfg(target_os = "linux")'.dependencies]
keyring = { version = "3", features = ["linux-native-sync-persistent", "crypto-rust"] }

# Test-only; presumably temporary directories for exercising the file-backed
# store without touching a real home directory.
[dev-dependencies]
tempfile = "3.16"