[Feature]: Store Credentials in System Keyrings with JSON Fallback

[laraibg786]

Problem Description

Currently, Context7 stores authentication credentials in a plaintext JSON file (~/.context7/credentials.json or following XDG standards ~/.config/context7/credentials.json). This approach has several drawbacks:

1. Security Risk: Credentials are stored in plaintext on disk, making them vulnerable if:
   • The home directory is compromised
   • Backups are not encrypted
   • The machine is shared or accessed by other users
   • The disk is physically stolen
2. Non-Standard Practice: Modern CLI tools (AWS CLI, GitHub CLI, gcloud, etc.) use system credential storage instead of plaintext JSON files
3. Compliance Issues: Many organizations require credentials to be stored in secure vaults rather than plaintext

Proposed Solution

Implement a multi-backend credential storage system that:

1. Prioritizes System Keyrings (in order of availability):
   • Linux: libsecret (GNOME Keyring, KDE Wallet)
   • macOS: Keychain
   • Windows: Credential Manager
2. Fallback to JSON: Only use JSON file storage when no system keyring is available (e.g., headless servers, minimal environments)
3. Smart Migration: On first run, detect which backend is available and optionally migrate existing JSON credentials
4. On rollout, try to migrate the existing credentials.json to keyring if available when ran.

Alternatives Considered

No response

Priority

Would improve my workflow

Additional Context

These tools successfully implemented keyring support:

1. GitHub CLI (gh):
   • Uses keyring on Linux via libsecret
   • Keychain on macOS
   • Credential Manager on Windows
   • Fallback to plaintext on unsupported systems
   • Source: https://github.com/cli/cli/blob/trunk/pkg/auth/keyring.go
2. AWS CLI v2:
   • Stores temporary credentials in keyring when available
   • Falls back to ~/.aws/credentials on unsupported systems
   • User can configure preference via config file
3. GitLab CLI (glab):
   • Uses go-keyring library (Go equivalent of keytar)
   • Supports the same Linux/macOS/Windows keyrings
   • https://github.com/profclems/glab
4. gcloud CLI:
   • Stores authentication tokens in keyring
   • Graceful fallback for headless environments

npm/Node.js:

• npm uses keytar for storing auth tokens
• Popular in Node.js ecosystem

[fahreddinozcan]

Thanks for the heads up @laraibg786, I will be raising this internally and plan the related implementation.