Provider API key saved in session files in the clear

[oatmealm]

I've noticed the session key is saved in the clear with the session data... might need to be taken care of? Not a priority as far as I'm concerned and these files are not supposed to be shared I guess... I also think I would make users aware of ellama-sessions-directory ... it's a wonderful feature and I changed it, so these records are in my org directory and are searchable...

[s-kostyaev]

I should think about it.

Probable solution: add ability to save session files in separate directory (like autosave files).

Another probable solution: encrypt/decrypt keys during save/load. But it will make things complicated. Not sure if I want to do it.

[eras]

Emacs has builtin gpg-support. I wonder if it would "just work" if ellama supported saving with extension .gpg? I recall there was a gitlab package for Emacs that used that approach for storing credentials.

[oatmealm]

Emacs has builtin gpg-support. I wonder if it would "just work" if ellama supported saving with extension .gpg? I recall there was a gitlab package for Emacs that used that approach for storing credentials.

In interactive mode at least, simply opening a file with the extension .gpg seems to activate encryption/decryption (in Doom Emacs AFAIK).