Skip to content

fix: change default credential store from Keyring to Auto#31

Merged
jpage-godaddy merged 1 commit into
godaddy:mainfrom
thill2-godaddy:main
Jun 29, 2026
Merged

fix: change default credential store from Keyring to Auto#31
jpage-godaddy merged 1 commit into
godaddy:mainfrom
thill2-godaddy:main

Conversation

@thill2-godaddy

Copy link
Copy Markdown
Contributor

Summary

  • Changes the default CredentialStore from Keyring to Auto
  • Auto tries the system keychain first and transparently falls back to an unencrypted file when the keychain is unavailable
  • Fixes auth on headless Linux and WSL2 environments where no keychain daemon is running, with no configuration change required by the user
  • Keyring remains available via --credential-store keyring or config file

Background

The Auto backend was already implemented and documented as the recommended mode for WSL/headless environments (the source comments say so explicitly). The only problem was that the default was Keyring, which hard-fails when no keychain daemon is present. This surfaces as a confusing error during auth login on WSL2.

Auto is strictly better as a default on all platforms: on macOS/Windows it uses the keychain as before; on headless Linux/WSL2 it falls back to a file rather than failing.

Test plan

  • All existing tests pass (cargo test --features pkce-auth)
  • default_keyring_mode_ignores_credential_file renamed to explicit_keyring_mode_ignores_credential_file and updated to use --credential-store keyring explicitly, preserving coverage of keyring-only behaviour

🤖 Generated with Claude Code

Auto tries the system keychain first and transparently falls back to an
unencrypted file when the keychain backend is unavailable. This fixes
auth on headless Linux and WSL2 environments where no keychain daemon
is running, without any configuration change required by the user.

Keyring remains available via --credential-store keyring or config.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@jpage-godaddy jpage-godaddy merged commit ccca021 into godaddy:main Jun 29, 2026
2 checks passed
jpage-godaddy pushed a commit that referenced this pull request Jun 29, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.3.4](cli-engine-v0.3.3...cli-engine-v0.3.4)
(2026-06-29)


### Bug Fixes

* change default credential store from Keyring to Auto
([#31](#31))
([ccca021](ccca021))
* step up OAuth scopes for under-scoped tokens in non-interactive
sessions ([#34](#34))
([9b82ee0](9b82ee0))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants