Josh Knapp
da078af73f
API key auth only provides short-lived session tokens (8hrs or until session restart) with no refresh mechanism, unlike OAuth which persists via .credentials.json. Remove the non-functional API key settings UI and all supporting code (frontend state, Tauri commands, keyring storage, container env var injection, and fingerprint-based recreation checks) to avoid user confusion. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
46 lines
1.8 KiB
Rust
46 lines
1.8 KiB
Rust
/// Store a per-project secret in the OS keychain.
|
|
pub fn store_project_secret(project_id: &str, key_name: &str, value: &str) -> Result<(), String> {
|
|
let service = format!("triple-c-project-{}-{}", project_id, key_name);
|
|
let entry = keyring::Entry::new(&service, "secret")
|
|
.map_err(|e| format!("Keyring error: {}", e))?;
|
|
entry
|
|
.set_password(value)
|
|
.map_err(|e| format!("Failed to store project secret '{}': {}", key_name, e))
|
|
}
|
|
|
|
/// Retrieve a per-project secret from the OS keychain.
|
|
pub fn get_project_secret(project_id: &str, key_name: &str) -> Result<Option<String>, String> {
|
|
let service = format!("triple-c-project-{}-{}", project_id, key_name);
|
|
let entry = keyring::Entry::new(&service, "secret")
|
|
.map_err(|e| format!("Keyring error: {}", e))?;
|
|
match entry.get_password() {
|
|
Ok(value) => Ok(Some(value)),
|
|
Err(keyring::Error::NoEntry) => Ok(None),
|
|
Err(e) => Err(format!("Failed to retrieve project secret '{}': {}", key_name, e)),
|
|
}
|
|
}
|
|
|
|
/// Delete all known secrets for a project from the OS keychain.
|
|
pub fn delete_project_secrets(project_id: &str) -> Result<(), String> {
|
|
let secret_keys = [
|
|
"git-token",
|
|
"aws-access-key-id",
|
|
"aws-secret-access-key",
|
|
"aws-session-token",
|
|
"aws-bearer-token",
|
|
];
|
|
for key_name in &secret_keys {
|
|
let service = format!("triple-c-project-{}-{}", project_id, key_name);
|
|
let entry = keyring::Entry::new(&service, "secret")
|
|
.map_err(|e| format!("Keyring error: {}", e))?;
|
|
match entry.delete_credential() {
|
|
Ok(()) => {}
|
|
Err(keyring::Error::NoEntry) => {}
|
|
Err(e) => {
|
|
log::warn!("Failed to delete project secret '{}': {}", key_name, e);
|
|
}
|
|
}
|
|
}
|
|
Ok(())
|
|
}
|