Table of Contents

Class EncryptedFileStore

Namespace
JD.AI.Core.Providers.Credentials
Assembly
JD.AI.Core.dll

Cross-platform credential store using DPAPI (Windows) or AES-GCM with locally rotated key material (Linux/macOS). Credentials are stored in ~/.jdai/credentials/ by default.

public sealed class EncryptedFileStore : ICredentialStore
Inheritance
EncryptedFileStore
Implements
Inherited Members

Constructors

EncryptedFileStore(string?, HttpClient?, EncryptedFileStoreOptions?) 

public EncryptedFileStore(string? basePath = null, HttpClient? httpClient = null, EncryptedFileStoreOptions? options = null)

Parameters

basePath string
httpClient HttpClient
options EncryptedFileStoreOptions

Properties

IsAvailable

Whether this store is available on the current platform.

public bool IsAvailable { get; }

Property Value

bool

StoreName

Human-readable name of the backing store.

public string StoreName { get; }

Property Value

string

Methods

GetAsync(string, CancellationToken)

Gets a stored credential value.

public Task<string?> GetAsync(string key, CancellationToken ct = default)

Parameters

key string
ct CancellationToken

Returns

Task<string>

ListKeysAsync(string, CancellationToken)

Lists all keys matching a prefix.

public Task<IReadOnlyList<string>> ListKeysAsync(string prefix, CancellationToken ct = default)

Parameters

prefix string
ct CancellationToken

Returns

Task<IReadOnlyList<string>>

RemoveAsync(string, CancellationToken)

Removes a stored credential.

public Task RemoveAsync(string key, CancellationToken ct = default)

Parameters

key string
ct CancellationToken

Returns

Task

RotateKeyAsync(CancellationToken)

Rotates the local non-Windows AES-GCM key and marks the previous key as retired. Existing secrets remain readable with historical keys.

public Task RotateKeyAsync(CancellationToken ct = default)

Parameters

ct CancellationToken

Returns

Task

RotateKeysAsync(CancellationToken)

Re-encrypts all stored credentials in place. On Windows this is a no-op (DPAPI handles key rotation at the OS level). On Linux/macOS this reads each credential and re-writes it, picking up any changes in the derived key material. Returns the number of credentials rotated.

public Task<int> RotateKeysAsync(CancellationToken ct = default)

Parameters

ct CancellationToken

Returns

Task<int>

SetAsync(string, string, CancellationToken)

Stores a credential value.

public Task SetAsync(string key, string value, CancellationToken ct = default)

Parameters

key string
value string
ct CancellationToken

Returns

Task
Edit this page