fix: change default credential store from Keyring to Auto#31
Open
thill2-godaddy wants to merge 1 commit into
Open
fix: change default credential store from Keyring to Auto#31thill2-godaddy wants to merge 1 commit into
thill2-godaddy wants to merge 1 commit into
Conversation
Auto tries the system keychain first and transparently falls back to an unencrypted file when the keychain backend is unavailable. This fixes auth on headless Linux and WSL2 environments where no keychain daemon is running, without any configuration change required by the user. Keyring remains available via --credential-store keyring or config. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CredentialStorefromKeyringtoAutoAutotries the system keychain first and transparently falls back to an unencrypted file when the keychain is unavailableKeyringremains available via--credential-store keyringor config fileBackground
The
Autobackend was already implemented and documented as the recommended mode for WSL/headless environments (the source comments say so explicitly). The only problem was that the default wasKeyring, which hard-fails when no keychain daemon is present. This surfaces as a confusing error duringauth loginon WSL2.Autois strictly better as a default on all platforms: on macOS/Windows it uses the keychain as before; on headless Linux/WSL2 it falls back to a file rather than failing.Test plan
cargo test --features pkce-auth)default_keyring_mode_ignores_credential_filerenamed toexplicit_keyring_mode_ignores_credential_fileand updated to use--credential-store keyringexplicitly, preserving coverage of keyring-only behaviour🤖 Generated with Claude Code