- inject secretService so it works when used directly
- remove console logs
- only remove a migrated secret (instead of removing it unconditionally)
- in +template, await for good measure, which explains why the parent function is async

In the backend:
- prevent concurrency in method that stores secrets from the frontend
  as it's racy otherwise to type a secret quickly.

All AI-related options are stored in the user-level git configuration
file. Upon first access, they will be removed from there and placed
into the keystore as part of the migration.
The UI is provided with functions to store and save secrets which it
will use specifically to interact with these keys.
It's explicitly out of scope to *not* show the keys in plain-text
anymore after entering them.

macOS is the only known platform that exhibits this behaviour - if an app
is recompiled, the hash of the binary is used to identify it towards the keychain.
As this changes each time, the keychain will ask for permission, which is fair.
However, it's also an impediment which leads to the implementation of
a keystore that uses git credentials as backend. For this to work,
the latest version of `gitoxide` is required for now.

The frontend uses this to invalidate the GitHub token, even though
it can also deal with `null`. Let's keep the keystore clean and
only keep entries that contain an actual password.
Note that the consumers, i.e. the frontend, handle an empty password
for the short time it's in memory.

This does not only mean that they cannot be written to disk, but also
that extra work has to be done to serialize them over the wire.
This is very much by design, as they can be in structs that are
seemingly serializable and contain sensitive data, but they must
never actually be serialized.
For use in the UI, an extra type must be used that marks the secret
differently, for instance by field name.

This will also remove them from their plain-text location.
Further, when the secrets are required they will be obtained
specifically, instead of always having them at hand.
The frontend doesn't ever show these, but needs them, and
it now asks for them when it needs them.
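
The migration rules described in these commit messages (move a plain-text value into the keystore on first access, remove the plain-text copy only once it has actually been migrated, and treat an empty password as a deletion) can be sketched as follows. This is an added example, not code from the project: `Sensitive`, `Keystore`, `fail_writes` and `secret_with_migration` are hypothetical names, and a `HashMap` stands in for both the git configuration file and the real keychain backend.

```rust
use std::collections::HashMap;
use std::fmt;

/// Wrapper that keeps a secret out of Debug output (hypothetical type).
pub struct Sensitive(pub String);
impl fmt::Debug for Sensitive {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("<redacted>")
    }
}

/// In-memory stand-in for the OS keychain or a git-credentials backend.
#[derive(Default)]
pub struct Keystore {
    entries: HashMap<String, String>,
    pub fail_writes: bool, // simulates a locked keychain or denied prompt
}

impl Keystore {
    /// Store a secret; an empty password deletes the entry instead.
    pub fn persist(&mut self, handle: &str, secret: &Sensitive) -> Result<(), String> {
        if self.fail_writes {
            return Err("keystore unavailable".to_string());
        }
        if secret.0.is_empty() {
            self.entries.remove(handle);
        } else {
            self.entries.insert(handle.to_string(), secret.0.clone());
        }
        Ok(())
    }
    pub fn retrieve(&self, handle: &str) -> Option<Sensitive> {
        self.entries.get(handle).cloned().map(Sensitive)
    }
}

/// On first access, move a plain-text config value into the keystore.
/// The plain-text copy is removed only after the keystore write succeeded.
pub fn secret_with_migration(
    config: &mut HashMap<String, String>,
    store: &mut Keystore,
    key: &str,
) -> Result<Option<Sensitive>, String> {
    if let Some(plain) = config.get(key).cloned() {
        store.persist(key, &Sensitive(plain))?;
        config.remove(key); // only reached when the migration succeeded
    }
    Ok(store.retrieve(key))
}
```

If the keystore write fails, the function returns the error and leaves the configuration untouched, so a denied keychain prompt never loses the only copy of the secret.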