A keyring transient failure on Set silently falls through to the file backend today, which leaves a stale keyring entry from any prior successful write shadowing the new file-backend token. Fixing the shadow itself is deferred (would need a Set-and-Delete coordination, or a stricter contract). What we can do cheaply: surface the fallback so an operator hitting the shadow has a breadcrumb. On Chain.Set fallthrough past a writable backend that errored, print: veans: credential store: keyring rejected write (X); falling back to file The warning goes to stderr (not the structured envelope — Set still returns nil because the write landed somewhere). Env-backend's read-only skip is unchanged and silent. ChainStderr is exposed as a package var so tests can capture/assert the warning when we backfill credential-store coverage. |
||
|---|---|---|
| .. | ||
| auto-label.prompt.md | ||
| auto-label.yml | ||
| ci.yml | ||
| crowdin.yml | ||
| dependency-diff.yml | ||
| issue-closed-comment.yml | ||
| nixpkgs-update.yml | ||
| preview.yml | ||
| release.yml | ||
| stale-waiting-for-reply.yml | ||
| test.yml | ||