Land release blocker fixes and workspace cleanup
This commit is contained in:
@@ -4,6 +4,28 @@
|
||||
**Path:** `crates/cloud-providers/src/keystore.rs:6-18`
|
||||
**Source:** [2026-04-22 code review](../code-review-2026-04-22.md)
|
||||
**Labels:** release-blocker, major, unsafe-api, cloud
|
||||
**Status:** RESOLVED (2026-04-22)
|
||||
|
||||
## Resolution
|
||||
|
||||
Chose acceptance option 2. The environment-mutation stub is gone;
|
||||
`store_api_key` now writes into a process-global
|
||||
`OnceLock<Mutex<HashMap<String, String>>>`, so the safe signature matches
|
||||
the actual safety properties.
|
||||
|
||||
Additional details:
|
||||
|
||||
- Stored keys now live in-memory only for the life of the process.
|
||||
- `retrieve_api_key` checks the in-memory keystore first, then falls
|
||||
back to read-only `KON_API_KEY_<PROVIDER>` environment variables so
|
||||
externally injected secrets still work.
|
||||
- Module docs now describe the real tradeoff clearly: safe from any
|
||||
thread, but non-persistent until a proper OS keychain backend lands.
|
||||
|
||||
Regression tests:
|
||||
|
||||
- `stored_key_is_retrievable_without_env_mutation`
|
||||
- `providers_do_not_overlap`
|
||||
|
||||
## Problem
|
||||
|
||||
|
||||
Reference in New Issue
Block a user