cortex-ide/src-tauri/src/settings/secure_store.rs at 1dc64a5b2ab6da4a71853d421b0b0a749fba62e3 · CortexLM/cortex-ide · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
//! Secure API key storage using OS keyring
//!
//! This module provides secure storage for sensitive data like API keys
//! using the operating system's native keyring (Keychain on macOS,
//! Credential Manager on Windows, Secret Service on Linux).

use secrecy::SecretString;

use super::KEYRING_SERVICE;

/// Secure API key storage manager
pub struct SecureApiKeyStore;

impl SecureApiKeyStore {
    /// Get keyring entry for a secure secret
    fn get_entry(key_name: &str) -> Result<keyring::Entry, String> {
        keyring::Entry::new(KEYRING_SERVICE, key_name)
            .map_err(|e| format!("Failed to access keyring: {e}"))
    }

    /// Store a secret securely in the keyring
    pub fn set_secret(key_name: &str, secret: &str) -> Result<(), String> {
        let entry = Self::get_entry(key_name)?;
        entry
            .set_password(secret)
            .map_err(|e| format!("Failed to store secret: {e}"))
    }

    /// Retrieve a secret from the keyring
    pub fn get_secret(key_name: &str) -> Result<Option<SecretString>, String> {
        let entry = Self::get_entry(key_name)?;
        match entry.get_password() {
            Ok(secret) => Ok(Some(SecretString::from(secret))),
            Err(keyring::Error::NoEntry) => Ok(None),
            Err(e) => Err(format!("Failed to retrieve secret: {e}")),
        }
    }

    /// Delete a secret from the keyring
    pub fn delete_secret(key_name: &str) -> Result<bool, String> {
        let entry = Self::get_entry(key_name)?;
        match entry.delete_credential() {
            Ok(()) => Ok(true),
            Err(keyring::Error::NoEntry) => Ok(false),
            Err(e) => Err(format!("Failed to delete secret: {e}")),
        }
    }

    /// Check if a secret exists
    pub fn has_secret(key_name: &str) -> Result<bool, String> {
        let entry = Self::get_entry(key_name)?;
        match entry.get_password() {
            Ok(_) => Ok(true),
            Err(keyring::Error::NoEntry) => Ok(false),
            Err(e) => Err(format!("Failed to check secret: {e}")),
        }
    }

    /// Store an API key securely in the keyring
    pub fn set_api_key(key_name: &str, api_key: &str) -> Result<(), String> {
        Self::set_secret(key_name, api_key)
    }

    /// Retrieve an API key from the keyring
    pub fn get_api_key(key_name: &str) -> Result<Option<SecretString>, String> {
        Self::get_secret(key_name)
    }

    /// Delete an API key from the keyring
    pub fn delete_api_key(key_name: &str) -> Result<bool, String> {
        Self::delete_secret(key_name)
    }

    /// Check if an API key exists
    pub fn has_api_key(key_name: &str) -> Result<bool, String> {
        Self::has_secret(key_name)
    }
}

/// Get API key for internal use (returns actual value as SecretString)
pub fn get_api_key_internal(key_name: &str) -> Option<SecretString> {
    SecureApiKeyStore::get_api_key(key_name).ok().flatten()
}