Add auth-source api function

karthink / gptel

A simple LLM client for Emacs

GNU General Public License v3.0

1.14k stars 119 forks source link

Add auth-source api function #13

Closed minad closed 1 year ago

minad commented 1 year ago

Would it make sense to provide this function or even set gptel-apikey to this function by default?

(defun gptel-apikey-from-auth-source ()
  (funcall (plist-get (car (auth-source-search :host "openai.com" :user "apikey")) :secret)))))

karthink commented 1 year ago

I'm not sure if enough users are using auth-source to manage their API keys to warrant this. I think this can go in the README for now.

Incidentally, I'm currently using

(setq gptel-api-key
      (lambda () (auth-source-pass-get 'secret "openai.com")))

I thought setting it to a function instead of the string (both are accounted for by gptel) would be somewhat more secure, since it only stays in memory until the next GC, but I don't think the inconvenience of decrypting it for every request is worth the hassle.

minad commented 1 year ago

I'm not sure if enough users are using auth-source to manage their API keys to warrant this. I think this can go in the README for now.

auth-source is the standard way of storing passwords. See for example smtpmail.el which uses this by default or the other mail packages. I think supporting it ootb without having to write code encourages best practices.

Incidentally, I'm currently using ... auth-source-pass-get ...

auth-source-pass-get is not the best idea here since it depends on the pass backend, which is just one of the possible backends.

karthink commented 1 year ago

I think supporting it ootb without having to write code encourages best practices.

Hmm, I see your point there, let's add it. It may be a while before I get to this, feel free to raise a PR.

karthink commented 1 year ago

auth-source-pass-get is not the best idea here since it depends on the pass backend, which is just one of the possible backends.

Indeed, I wasn't suggesting it for inclusion or as a default. I mentioned it to make the point that I too use auth-source, but I wasn't sure if most people do.

minad commented 1 year ago

Okay, sounds good. I will propose a PR at some point, but there is no rush. I assume your package will see a lot of changes anyway if more people become interested. :)

agzam commented 1 year ago

btw. I'm using the auth-source-search approach; the only nag is that it takes half a second or so to retrieve the key. I don't know if that can be sped up.

karthink commented 1 year ago

If you set gptel-api-key to the key itself (instead of to a function that calls auth-source-search), it should only be called once. Of course, the key is then in memory until the end of your Emacs session.