Closed g-linville closed 1 week ago
Temporarily moved back to draft because I found a bug in my stacked credentials implementation. Working on it...
Should be good now.
Closing this since I am going to reimplement it as a separate application that we use as a credential helper.
This adds a new credential store option,
sqlite
, which uses a pure Go SQLite driver with GORM to store credentials in a local SQLite database file.By default, the SQLite file will be created at
<xdg config dir>/gptscript/credentials.db
, though this can be overridden with an environment variable. We also check for a KubernetesEncryptionConfiguration
file at<xdg config dir>/gptscript/encryptionconfig.yaml
(this path can also be overridden with an environment variable). If this config file is present, we use it for configuration. We can do AES-GCM with a locally stored key, or something fancier like a KMS v2 plugin to support AWS KMS or some other third party service.Here is an example encryptionconfig.yaml to use AES-GCM:
For now I think we want to leave this undocumented? Let me know if I should remove the references to it in the error output (the output we display to the user when they configure an invalid credential store in their config file).