block
feat(cli): graceful fallback for keyring failures
Summary
Add automatic fallback to file-based storage when keyring is unavailable. Provides user-friendly warnings and security guidance while maintaining configuration functionality.
- Detect keyring-specific errors vs other failures
- Auto-enable GOOSE_DISABLE_KEYRING for fallback
- Show educational security messages to users
- Continue configuration process instead of stopping
Type of Change
- [x] Feature
- [x] Bug fix
- [ ] Refactor / Code quality
- [ ] Performance improvement
- [ ] Documentation
- [ ] Tests
- [ ] Security fix
- [ ] Build / Release
- [ ] Other (specify below)
AI Assistance
- [x] This PR was created or reviewed with AI assistance
Testing
Related Issues
Fixes #5790
@DOsinga, this fix should work. I tested this using LLM, but wasn't able to replicate the said error on my machine as yesterday. Tried disabling even the keyring, but goose configure and ./target/debug/goose configure work no matter what I do. So I wasn't able to manually test it. Probably setting up a Docker or environment without keyring might trigger the error. But with my low-spec machine, that's quite hectic to do.
From OP's log, though, it looks like the original issue may still be happening on OP's end because the keyring wasnβt fully configured, and gcr-ssh-agent.socket doesnβt appear to have been properly enabled. They mentioned trying the fix, but based on the output, the socket was likely still disabled.
Edit: I added fallback for DBus error as well, look at the comment down below. I tested this manually. It seems to be working but this DCO check is killing me. I think I messed up my commit messages.
i guess we should handle this as well
Error: Failed to access keyring: Platform secure storage failure: DBus error: Using X11 for dbus-daemon autolaunch was disabled at compile time, set your DBUS_SESSION_BUS_ADDRESS instead
Edit: Managed to setup docker. Seems to be working.
π
ο β’β’/goose [β΄200][βΏ233]
σ°ͺ’ 7s β― docker run --rm -it goose-test
This will update your existing config files
if you prefer, you can edit them directly at /root/.config/goose
β goose-configure
β
β What would you like to configure?
β Configure Providers
β
β Which model provider should we use?
β OpenAI
β
β Provider OpenAI requires OPENAI_API_KEY, please enter a value
β βͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺβͺ
β
β² Keyring service unavailable. Falling back to file-based storage for secrets.
β
β For better security, consider:
β
β - Fixing your system's keyring service
β
β - Or using environment variables for sensitive data
β
β Configuration will continue normally with file-based storage
β
β Successfully stored secret using file-based storage
β
β Provider OpenAI requires OPENAI_HOST, please enter a value
β https://api.openai.com
β
β Provider OpenAI requires OPENAI_BASE_PATH, please enter a value
β v1/chat/completions
β
β Model fetch complete
β
β Select a model:
β gpt-4o
β
β Checking your configuration... β Configuration saved successfully to /root/.config/goose/config.yaml
This pull request has been automatically marked as stale because it has not had recent activity for 23 days.
What happens next?
- If no further activity occurs, this PR will be automatically closed in 7 days
- To keep this PR active, simply add a comment, push new commits, or add the
keep-openlabel - If you believe this PR was marked as stale in error, please comment and we'll review it
Thank you for your contribution! π
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}