[feat] support acquiring credentials from system keyring

Question

[feat] support acquiring credentials from system keyring

Closed this issue 7 months ago · 2 comments

This is more secured approach to store API keys. I still need to investigate how this works because I wasn't using it.

Answer 1 · 2024-08-17T06:19:35.000Z

After some research, I find this is currently better to achieved by a thirdparty tool, which loads an encrypted .env file. Using system secret such as OS X keychain or GNOME keyring is definitely the ideal case but so far I personally don't believe its effectiveness. Instead, I think it's user's responsibility to keep the secret from untrusted applications with approaches like sandboxes or namespaces. Therefore, for now I decide not to implement it. Please comment there is any suggestions.

Answer 2 · 2025-01-29T08:45:32.000Z

I find this should be possible via plugin system. User can add a pre_llm hook to load system secrets before sending the request.