Skip to content
This repository was archived by the owner on Nov 5, 2024. It is now read-only.

Commit 288c4f2

Browse files
g-linvilleg-linville
committed
chore: update README
Signed-off-by: Grant Linville <[email protected]>
1 parent ac8c0c5 commit 288c4f2

File tree

1 file changed

+48
-2
lines changed

1 file changed

+48
-2
lines changed

README.md

Lines changed: 48 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,48 @@
1-
# gptscript-helper-sqlite
2-
A GPTScript credential helper for SQLite
1+
# gptscript-credential-sqlite
2+
3+
This is a GPTScript [credential helper](https://docs.gptscript.ai/credentials) for SQLite. When the `sqlite` credential store
4+
is configured for GPTScript, it will use this helper to store credentials in a local SQLite file, located in the configuration directory.
5+
By default, all credentials are stored unencrypted.
6+
7+
Only macOS and Linux are supported.
8+
9+
## Default SQLite file location
10+
11+
- macOS: `~/Library/Application Support/gptscript/credentials.db`
12+
- if the `XDG_CONFIG_HOME` environment variable is set, the file will be located at `$XDG_CONFIG_HOME/gptscript/credentials.db`
13+
- Linux: `$XDG_CONFIG_HOME/gptscript/credentials.db`
14+
15+
## Encryption Configuration
16+
17+
To enable encryption, you need to create an encryption configuration file. We use the same type of configuration
18+
as [Kubernetes](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/) does.
19+
20+
This should allow you to use any Kubernetes-compatible KMS v2 providers, though we have not yet tested this.
21+
We have only tested the built-in `aesgcm` provider, which uses a key stored locally in the configuration file.
22+
23+
### Default encryption configuration locations
24+
25+
- macOS: `~/Library/Application Support/gptscript/encryptionconfig.yaml`
26+
- if the `XDG_CONFIG_HOME` environment variable is set, the file will be located at `$XDG_CONFIG_HOME/gptscript/encryptionconfig.yaml`
27+
- Linux: `$XDG_CONFIG_HOME/gptscript/encryptionconfig.yaml`
28+
29+
### Example: AES-GCM configuration with a key in the config file
30+
31+
```yaml
32+
kind: EncryptionConfiguration
33+
apiVersion: apiserver.config.k8s.io/v1
34+
resources:
35+
- resources:
36+
# Note that the configuration here must be EXACTLY 'credentials'
37+
- credentials
38+
providers:
39+
- aesgcm:
40+
keys:
41+
- name: myKey
42+
secret: <key encoded in base64>
43+
```
44+
45+
## Environment Variables
46+
47+
- `GPTSCRIPT_SQLITE_FILE` - can be used to override the path to the SQLite file.
48+
- `GPTSCRIPT_ENCRYPTION_CONFIG_FILE` - can be used to override the path to the encryption configuration file.

0 commit comments

Comments
 (0)