Add OS-native secret backends: keychain, secretservice, and wincred #628

Merged
winhowes merged 2 commits into main from codex/add-secret-plugins-for-key-management-4p3xyn
Apr 21, 2026
@winhowes
Owner

Motivation

  • Provide native OS secret backends so AuthTranslator can read secrets from macOS Keychain, Linux Secret Service, and Windows Credential Manager.
  • Support common platform-specific workflows by exposing keychain:, secretservice:, and wincred: URI schemes.

Description

  • Add a macOS Keychain plugin (app/secrets/plugins/keychain) that invokes the security CLI and parses ids in service or service#account form with tests and an injectable execSecurityCommand wrapper.
  • Add a Linux Secret Service plugin (app/secrets/plugins/secretservice) that invokes secret-tool and parses comma-separated key=value attributes with tests and an injectable execSecretTool wrapper.
  • Add a Windows Credential Manager plugin (app/secrets/plugins/wincred) implementing platform-specific loading via CredReadW on Windows and a stub on non-Windows, plus decoding helpers for raw, utf8, and utf16le blobs and comprehensive unit tests.
  • Register the new plugins in app/secrets/plugins/plugins.go and update docs/secret-backends.md with usage examples and environment notes.

Testing

  • Ran unit tests for the plugins package with go test ./app/secrets/plugins and all tests passed.
  • Ran the full test suite with go test ./... and there were no test failures.

Codex Task
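As an added illustration (not code from this PR or from AuthTranslator), the sketch below shows one way to turn the two id formats described above into argument vectors for `security` and `secret-tool`, so that no id text ever passes through a shell. The function names, the choice to split on the first `#`, and the rule rejecting attribute keys that start with `-` are assumptions; the sample ids are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// keychainArgs (hypothetical name) maps "service" or "service#account" to an
// argv for the macOS security CLI. Splitting on the first '#' is an assumption.
func keychainArgs(id string) ([]string, error) {
	service, account, hasAccount := strings.Cut(id, "#")
	if service == "" || (hasAccount && account == "") {
		return nil, errors.New("keychain id must be service or service#account")
	}
	args := []string{"find-generic-password", "-s", service}
	if hasAccount {
		args = append(args, "-a", account)
	}
	return append(args, "-w"), nil // -w prints only the password
}

// secretToolArgs (hypothetical name) maps "k1=v1,k2=v2" to an argv for
// "secret-tool lookup". Keys starting with '-' are rejected (assumed rule)
// so an attribute can never be read as a command-line option.
func secretToolArgs(id string) ([]string, error) {
	args := []string{"lookup"}
	for _, pair := range strings.Split(id, ",") {
		k, v, ok := strings.Cut(strings.TrimSpace(pair), "=")
		if !ok || k == "" || v == "" || strings.HasPrefix(k, "-") {
			return nil, fmt.Errorf("bad attribute %q", pair)
		}
		args = append(args, k, v)
	}
	return args, nil
}

func main() {
	// Constructed sample ids; the resulting slices are meant to be handed to
	// exec.Command(name, args...) directly, never joined into a shell string.
	for _, id := range []string{"authtranslator#slack", "svc", "#orphan"} {
		a, err := keychainArgs(id)
		fmt.Println(a, err)
	}
	a, err := secretToolArgs("service=slack, user=bot")
	fmt.Println(a, err)
}
```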

@winhowes
Owner Author

@codex review

@chatgpt-codex-connector

Codex Review: Didn't find any major issues. Breezy!


@winhowes winhowes merged commit ced971f into main Apr 21, 2026
2 of 3 checks passed