close: local secret store

Keisuke Hirata 2026-06-01 07:23:54 +09:00
parent 629159a29f
commit 681a37905c
No known key found for this signature in database
5 changed files with 48 additions and 2 deletions


@ -0,0 +1,46 @@
Implemented and merged local key-value secret store support.
Merged commits:
- `cc2c9a2 secrets: add local key store`
- `7ddf745 secrets: polish key manager and docs`
- `629159a merge: local secret store`
Review:
- Review approved in `c9e48b3 review: approve local secret store`.
- Focused follow-up review approved the docs example and key-manager terminal cleanup polish.
Summary:
- Added a provider-independent local `id -> value` secret store under the user data directory.
- Added id validation, atomic persistence, and lightweight at-rest obfuscation consistent with the ticket's modest security target.
- Added `insomnia keys` interactive TUI management for listing ids, setting values with masked display, deleting with confirmation, and quitting without displaying plaintext values.
- Wired provider `secret_ref` auth through the store.
- Added WebSearch `api_key_secret` and removed normal WebSearch/provider credential env configuration.
- Updated bundled resources and docs to point users to `insomnia keys` plus explicit secret refs.
- Left Codex OAuth behavior unchanged.
Validation after merge:
- `cargo fmt --check` — passed
- `cargo test -p secrets` — passed
- `cargo test -p manifest secret --lib` — passed
- `cargo test -p provider secret --lib` — passed
- `cargo test -p tools web::tests::search_requires_configuration --lib` — passed
- `cargo test -p tools web::tests::searches_brave_with_secret_ref --lib` — passed
- `cargo test -p tools web::tests::searches_brave_with_bounded_output --lib` — passed
- `cargo test -p tui keys::tests --lib` — passed
- `cargo test -p insomnia parse_keys_subcommand --bin insomnia` — passed
- `cargo check -p manifest -p provider -p tools -p tui -p insomnia` — passed
- `./tickets.sh doctor` — passed
- `git diff --check` — passed
Credential/env grep:
- `api_key_env`, `BRAVE_SEARCH_API_KEY`, `INSOMNIA_API_KEY`, and `default_env_var` are absent from `crates docs resources` after the merge.
- Remaining `sk-`/`secret-value`/`test-secret` hits are fake test values, docs/comments, or Codex OAuth test fixtures, not new persisted real credentials.
Caveat:
- The store should continue to be described as local obfuscation / limited at-rest protection, not a high-assurance password manager.
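
Review bot: The Summary line on "lightweight at-rest obfuscation" and the closing Caveat leave the actual protection unstated, so a reader of this resolution cannot tell what someone with read access to the user data directory would obtain. Suggest naming the obfuscation mechanism, where any key material lives, and the permissions the store file is written with, so the "limited at-rest protection" wording is checkable. The Credential/env grep covers only `crates docs resources`; it would help to say whether scripts and CI config were checked as well, and whether users who previously set `BRAVE_SEARCH_API_KEY` or `INSOMNIA_API_KEY` now get an error pointing them to `insomnia keys` rather than a silent auth failure.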


@ -2,12 +2,12 @@
id: 20260529-145355-manifest-profile-encrypted-secrets
slug: manifest-profile-encrypted-secrets
title: Manifest/Profile: local key-value secret store
status: open
status: closed
kind: feature
priority: P2
labels: [manifest, profiles, secrets, security, cli, tui]
created_at: 2026-05-29T14:53:55Z
updated_at: 2026-05-31T22:21:04Z
updated_at: 2026-05-31T22:23:34Z
assignee: null
legacy_ticket: null
---
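
Review bot: The `id` and `slug` in this front matter still read `encrypted-secrets`, while the title and the resolution's caveat describe a local key-value store with obfuscation only. If ticket ids are immutable, a line in the ticket body noting that the slug predates the reduced scope would keep the closed ticket from being read as a claim of encryption.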