Skip to main content

NativeCredentialStore

  • Namespace: PPDS.Auth.Credentials
  • Assembly: PPDS.Auth
  • Kind: Class
  • Implements: ISecureCredentialStore, IDisposable

Summary

Provides secure, platform-native credential storage using OS credential managers.

Members

Constructors

NativeCredentialStore(bool allowCleartextFallback)

NativeCredentialStore(bool allowCleartextFallback)

Creates a new native credential store using the default settings.

  • Param allowCleartextFallback: On Linux, opts the caller in to plaintext file storage when libsecret is unavailable. Plaintext activation is double-gated: it requires BOTH this flag set to true AND the GCM_CREDENTIAL_STORE=plaintext environment variable, preventing accidental activation. Has no effect on Windows or macOS, where secure storage is always available. This is intended for CI/CD environments without a keyring.

Methods

ClearAsync

Task ClearAsync(CancellationToken cancellationToken)

Clears all stored credentials.

  • Param cancellationToken: Cancellation token.

Dispose

void Dispose()

Disposes resources used by this credential store.

ExistsAsync

Task<bool> ExistsAsync(string applicationId, CancellationToken cancellationToken)

Checks if credentials exist for a service principal.

  • Param applicationId: The application (client) ID.

  • Param cancellationToken: Cancellation token.

  • Returns: True if credentials exist.

GetAsync

Task<StoredCredential> GetAsync(string applicationId, CancellationToken cancellationToken)

Retrieves credentials for a service principal by application ID.

  • Param applicationId: The application (client) ID.

  • Param cancellationToken: Cancellation token.

  • Returns: The stored credential, or null if not found.

RemoveAsync

Task<bool> RemoveAsync(string applicationId, CancellationToken cancellationToken)

Removes credentials for a service principal.

  • Param applicationId: The application (client) ID.

  • Param cancellationToken: Cancellation token.

  • Returns: True if removed, false if not found.

StoreAsync

Task StoreAsync(StoredCredential credential, CancellationToken cancellationToken)

Stores credentials for a service principal.

  • Param credential: The credential to store.

  • Param cancellationToken: Cancellation token.

Properties

IsCleartextCachingEnabled

bool IsCleartextCachingEnabled { get; }

Gets whether cleartext caching is enabled (Linux fallback).