refactor(security): move secret store under keyring#2592
Conversation
|
Warning Review limit reached
Your plan includes 5 reviews of capacity. Refill in 16 minutes and 10 seconds. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more review capacity refills, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (21)
Comment |
Summary
SecretStoreunder thekeyringmodule while keepingsecurity::secretsas a compatibility shim.secret_keyfilesscripts/test-rust-e2e.shProblem
.secret_keyinstalls to keyring-backed storage was not covered by end-to-end testsSolution
src/openhuman/keyring/encrypted_store.rsand re-export it throughkeyring::SecretStore.secret_keyfiles into that backend on first useSubmission Checklist
N/A: no existing feature-matrix row was added/removed/renamed by this storage/docs refactor## Related—N/A: no matrix feature IDs changedN/A: no installer/distribution/manual-smoke surface changedCloses #NNNin the## Relatedsection —N/A: no tracked issue was provided for this branchImpact
.secret_keyinstalls migrate forward instead of requiring manual re-entry of secretsRelated
AI Authored PR Metadata (required for Codex/Linear PRs)
Linear Issue
Commit & Branch
keychain-secretstore-migration041878741Validation Run
pnpm --filter openhuman-app format:checkpnpm typecheckcargo test --manifest-path Cargo.toml keyring::encrypted_store::tests -- --nocapturecargo test --manifest-path Cargo.toml --test keyring_secretstore_e2e --test keyring_secretstore_fresh_e2e -- --nocapturebash scripts/test-rust-e2e.sh --suite keyring_secretstore_e2e --suite keyring_secretstore_fresh_e2ecargo fmt --manifest-path Cargo.tomlcargo check --manifest-path src-tauri/Cargo.tomlcargo check --manifest-path src-tauri/Cargo.tomlValidation Blocked
command:pnpm test:coverage,pnpm test:rusterror:not run in full during this change; focused validation was used insteadimpact:diff-coverage merge gate still depends on CI/full-suite coverage jobsBehavior Changes
Parity Contract
security::secretsremains as a compatibility re-export shim.secret_keymigration path covered by E2E; fresh-install key creation path covered by E2E; test file-backend override preservedDuplicate / Superseded PR Handling