Skip to content

feat: add macOS Keychain support for secure credential storage #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BayramAnnakov wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: add macOS Keychain support for secure credential storage #47

BayramAnnakov wants to merge 2 commits into from

Conversation

@BayramAnnakov
Copy link
Contributor

@BayramAnnakov BayramAnnakov commented Dec 26, 2025

Summary

Add support for storing Telegram API credentials in macOS Keychain instead of plain text .env files.

Changes

  • Add get_credential_from_keychain() function to read from macOS Keychain
  • Add get_credential() wrapper that tries Keychain first, falls back to environment variables
  • Update credential loading to use the new functions
  • Full backward compatibility: existing .env setups continue to work

Usage

Store credentials in Keychain:

security add-generic-password -a "api_id" -s "telegram-mcp" -w "YOUR_API_ID" -U
security add-generic-password -a "api_hash" -s "telegram-mcp" -w "YOUR_API_HASH" -U
security add-generic-password -a "session_string" -s "telegram-mcp" -w "YOUR_SESSION_STRING" -U

Benefits

  • Credentials never stored in plain text on disk
  • Protected by macOS security (Touch ID, password)
  • Not accidentally committed to git
  • No changes required for existing users (falls back to .env)

Platform Support

  • macOS: Full Keychain support
  • Linux/Windows: Falls back to environment variables (no change in behavior)

🤖 Generated with Claude Code

@BayramAnnakov @claude
feat: add macOS Keychain support for secure credential storage
9586a9f 
Credentials can now be stored in macOS Keychain instead of plain text .env files:
- security add-generic-password -a "api_id" -s "telegram-mcp" -w "YOUR_API_ID" -U
- security add-generic-password -a "api_hash" -s "telegram-mcp" -w "YOUR_API_HASH" -U
- security add-generic-password -a "session_string" -s "telegram-mcp" -w "YOUR_SESSION_STRING" -U

The code tries Keychain first, then falls back to environment variables,
maintaining full backward compatibility.

Benefits:
- Credentials never stored in plain text on disk
- Protected by macOS security (Touch ID, password)
- Not accidentally committed to git

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@iqdoctor
Copy link
Contributor

iqdoctor commented Dec 26, 2025

pls fix black

@BayramAnnakov @claude
style: fix black formatting
699da72 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BayramAnnakov @iqdoctor