API key storage, resolution, and management for agent providers.
Keys are stored in ~/.config/minga/credentials.json with restrictive
file permissions (0600). Environment variables always take precedence
over stored keys so existing setups are never broken.
Resolution order:
- Environment variable (e.g.
ANTHROPIC_API_KEY) - Credentials file
Keys are never logged, never included in session exports, and never
sent to *Messages*.
Summary
Functions
Returns true if any provider has a configured API key.
Returns the API key dashboard URL for a provider, or nil if unknown.
Returns the environment variable name for a provider, or nil if unknown.
Returns the list of known provider names.
Returns true if an openai-codex entry exists in oauth.json.
Returns the path to ~/.config/minga/oauth.json (XDG-aware).
Returns true if Ollama appears to be running locally.
Returns the Ollama host URL. Checks OLLAMA_HOST env var first,
then falls back to the default localhost URL.
Extracts the provider name from a model string like "anthropic:claude-sonnet-4-20250514".
Resolves an API key for the given provider.
Removes a stored API key for a provider.
Returns the auth status for all known providers plus Ollama and OpenAI OAuth.
Stores an API key for a provider in the credentials file.
Types
@type key_source() :: :env | :file | :oauth | nil
Source where a key was found.
@type provider() :: String.t()
A supported provider name.
@type provider_status() :: MingaAgent.Credentials.ProviderStatus.t()
Status entry for a single provider.
Functions
@spec any_configured?() :: boolean()
Returns true if any provider has a configured API key.
Returns the API key dashboard URL for a provider, or nil if unknown.
Returns the environment variable name for a provider, or nil if unknown.
@spec known_providers() :: [provider()]
Returns the list of known provider names.
@spec oauth_configured?() :: boolean()
Returns true if an openai-codex entry exists in oauth.json.
@spec oauth_path() :: String.t()
Returns the path to ~/.config/minga/oauth.json (XDG-aware).
@spec ollama_available?() :: boolean()
Returns true if Ollama appears to be running locally.
Makes a quick HTTP request to the Ollama API tags endpoint. Returns false on connection errors or timeouts.
@spec ollama_host() :: String.t()
Returns the Ollama host URL. Checks OLLAMA_HOST env var first,
then falls back to the default localhost URL.
Extracts the provider name from a model string like "anthropic:claude-sonnet-4-20250514".
Returns "anthropic" for bare model names (no prefix), since Anthropic
is the default provider.
@spec resolve(provider()) :: {:ok, String.t(), key_source()} | :error
Resolves an API key for the given provider.
Checks the environment variable first, then the credentials file.
Returns {:ok, key, source} if found, or :error if no key is
configured anywhere.
Removes a stored API key for a provider.
Only removes from the credentials file. Environment variables are unaffected (and will still be used if set).
@spec status() :: [provider_status()]
Returns the auth status for all known providers plus Ollama and OpenAI OAuth.
Each entry shows whether a key is configured and where it was found
(:env, :file, :oauth, :local, or nil). Keys themselves are never exposed.
Stores an API key for a provider in the credentials file.
Creates the config directory and file if they don't exist. Sets file permissions to 0600 (owner read/write only).