From 5d777a7d5a3a890627e429e3d3b14ad51f8db4c3 Mon Sep 17 00:00:00 2001 From: Jordan Smith Date: Tue, 7 Jul 2026 15:23:11 +1200 Subject: [PATCH] Clear the cleartext credentials from the toml config when we've successfully saved a profile in keychain --- src/cli/commands/auth.rs | 61 +++++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 20 deletions(-) diff --git a/src/cli/commands/auth.rs b/src/cli/commands/auth.rs index 93642f7..6cf313a 100644 --- a/src/cli/commands/auth.rs +++ b/src/cli/commands/auth.rs @@ -1,10 +1,10 @@ /// `bitmex auth` subcommands: add, set, list, show, use, delete, reset. use clap::Subcommand; +use crate::AppContext; +use crate::cli::output::CommandOutput; use crate::config::{self, keychain, mask_string}; use crate::errors::{BitmexError, Result}; -use crate::cli::output::CommandOutput; -use crate::AppContext; #[derive(Debug, Subcommand)] pub(crate) enum AuthCommand { @@ -65,9 +65,13 @@ pub(crate) async fn run(cmd: AuthCommand, ctx: &AppContext) -> Result Result Result Result Result Result Result Result Result ( mask_string(k), - if has_keychain_secret { "keychain" } else { "config file" }, + if has_keychain_secret { + "keychain" + } else { + "config file" + }, ), None => ("not set".to_string(), "none"), }; @@ -355,7 +374,9 @@ fn save_profile_creds( // keychain prompt when loading credentials. if let Some(p) = cfg.profiles.iter_mut().find(|p| p.name == profile_name) { p.api_key = Some(api_key.to_string()); - if !stored_in_keychain { + if stored_in_keychain { + p.api_secret = None; + } else { // Keychain unavailable — also store the secret as plaintext fallback. p.api_secret = Some(api_secret.to_string()); }