Skip to content

feat(tf-security): implement secret store with OS keyring backend#13

Merged
EdouardZemb merged 3 commits intomainfrom
feature/0-3-gestion-secrets
Feb 5, 2026
Merged

feat(tf-security): implement secret store with OS keyring backend#13
EdouardZemb merged 3 commits intomainfrom
feature/0-3-gestion-secrets

Conversation

@EdouardZemb
Copy link
Owner

@EdouardZemb EdouardZemb commented Feb 5, 2026

Summary

  • Add tf-security crate for secure secret management via OS keyring
  • Implements story 0-3: "Gestion des secrets via secret store"
  • Cross-platform support: Linux (gnome-keyring/kwallet), macOS (Keychain), Windows (Credential Manager)

Changes

New crate: tf-security

  • SecretStore API: store_secret, get_secret, delete_secret, has_secret, try_has_secret
  • SecretError enum with actionable hints (no secret values exposed)
  • Custom Debug impl that never leaks secrets

CI Updates

  • Added rust-tests job (clippy + unit tests)
  • Added rust-keyring-tests job (integration tests with gnome-keyring)

Acceptance Criteria

Test plan

  • 25 unit + integration tests pass (with keyring)
  • 5 doc-tests pass
  • cargo clippy --workspace clean
  • Code review completed (2 rounds)

🤖 Generated with Claude Code

EdouardZemb and others added 3 commits February 5, 2026 23:05
@EdouardZemb @claude
feat(tf-security): implement secret store with OS keyring backend
ef6fa37 
Add tf-security crate providing secure secret management:
- SecretStore trait for credential abstraction
- KeyringSecretStore using OS-native keyring (Linux/macOS/Windows)
- SecretError with actionable user hints (no secret values exposed)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@EdouardZemb @claude
chore(story): mark story 0-3 as done after code review
3383135 
- Story status: review → done
- Sprint status synced
- All 30 tests pass (unit + integration + doc-tests)
- Code review validated all 3 acceptance criteria

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@EdouardZemb @claude
fix(ci): install libdbus-1-dev for keyring crate compilation
cb7ad6f 
The keyring crate with sync-secret-service feature requires
dbus library headers to compile on Linux.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@EdouardZemb EdouardZemb merged commit c473fb7 into main Feb 5, 2026
3 checks passed
@EdouardZemb EdouardZemb deleted the feature/0-3-gestion-secrets branch February 5, 2026 22:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@EdouardZemb