Namespace JD.AI.Core.Providers.Credentials
Classes
- AuditingCredentialStore
Decorator that logs all credential access to the IAuditSink. Wraps any ICredentialStore to provide secret access auditing.
- ChainedCredentialStore
Chains multiple ICredentialStore instances, trying each in order for reads and writing to the first writable store. Enables layered secret resolution (e.g., Vault → env vars → encrypted file).
- EncryptedFileStore
Cross-platform credential store using DPAPI (Windows) or AES-GCM with locally rotated key material (Linux/macOS). Credentials are stored in ~/.jdai/credentials/ by default.
- EncryptedFileStoreOptions
Configuration options for EncryptedFileStore.
- EnvironmentCredentialStore
Reads credentials from environment variables. Container-safe — works with Kubernetes Secrets mounted as env vars, Docker --env, and systemd EnvironmentFile.
Keys are mapped to env var names by uppercasing and replacing colons/dots with underscores. For example,
jdai:provider:openai:apikey→JDAI_PROVIDER_OPENAI_APIKEY.
- ProviderConfigurationManager
Resolves provider credentials from multiple sources:
- ICredentialStore (secure storage)
- IConfiguration (appsettings, user secrets)
- Well-known environment variables
- TenantScopedCredentialStore
Wraps an underlying ICredentialStore and enforces tenant-namespace isolation. All credential keys are automatically prefixed with the current tenant ID so that credentials belonging to different tenants cannot be accessed across tenant boundaries.
Interfaces
- ICredentialStore
Provides secure storage for provider API keys and secrets.