refactor: use system secrets when possible (#248)

2025-12-29 12:09:52 -08:00
parent 4927a915f9
commit fab0ca676b
12 changed files with 869 additions and 57 deletions
--- a/src/auth/setup-ui.tsx
+++ b/src/auth/setup-ui.tsx
@@ -83,21 +83,28 @@ export function SetupUI({ onComplete }: SetupUIProps) {
        deviceId,
        deviceName,
      )
-        .then((tokens) => {
-          // Save tokens
+        .then(async (tokens) => {
+          // Save tokens using secrets for secure storage
          // Note: LETTA_BASE_URL is intentionally NOT saved to settings
          // It should only come from environment variables
          const now = Date.now();
-          settingsManager.updateSettings({
-            env: {
-              ...settingsManager.getSettings().env,
-              LETTA_API_KEY: tokens.access_token,
-            },
-            refreshToken: tokens.refresh_token,
-            tokenExpiresAt: now + tokens.expires_in * 1000,
-          });
-          setMode("done");
-          setTimeout(() => onComplete(), 1000);
+
+          try {
+            // Update settings with non-sensitive data and tokens (secrets handles secure storage)
+            settingsManager.updateSettings({
+              env: {
+                ...settingsManager.getSettings().env,
+                LETTA_API_KEY: tokens.access_token,
+              },
+              refreshToken: tokens.refresh_token,
+              tokenExpiresAt: now + tokens.expires_in * 1000,
+            });
+
+            setMode("done");
+            setTimeout(() => onComplete(), 1000);
+          } catch (err) {
+            setError(err instanceof Error ? err.message : String(err));
+          }
        })
        .catch((err) => {
          setError(err.message);