feat: Require Vault set up for first-time setup so all passed in secrets can be encrypted right off the bat

src/client/azure_openai.rs

@@ -24,8 +24,9 @@ impl AzureOpenAIClient {
             "api_base",
             "API Base",
             Some("e.g. https://{RESOURCE}.openai.azure.com"),
+						false
         ),
-        ("api_key", "API Key", None),
+        ("api_key", "API Key", None, true),
     ];
 }
 

src/client/bedrock.rs

@@ -33,9 +33,9 @@ impl BedrockClient {
     config_get_fn!(session_token, get_session_token);
 
     pub const PROMPTS: [PromptAction<'static>; 3] = [
-        ("access_key_id", "AWS Access Key ID", None),
-        ("secret_access_key", "AWS Secret Access Key", None),
-        ("region", "AWS Region", None),
+        ("access_key_id", "AWS Access Key ID", None, true),
+        ("secret_access_key", "AWS Secret Access Key", None, true),
+        ("region", "AWS Region", None, false),
     ];
 
     fn chat_completions_builder(

src/client/claude.rs

@@ -24,7 +24,7 @@ impl ClaudeClient {
     config_get_fn!(api_key, get_api_key);
     config_get_fn!(api_base, get_api_base);
 
-    pub const PROMPTS: [PromptAction<'static>; 1] = [("api_key", "API Key", None)];
+    pub const PROMPTS: [PromptAction<'static>; 1] = [("api_key", "API Key", None, true)];
 }
 
 impl_client_trait!(

src/client/cohere.rs

@@ -24,7 +24,7 @@ impl CohereClient {
     config_get_fn!(api_key, get_api_key);
     config_get_fn!(api_base, get_api_base);
 
-    pub const PROMPTS: [PromptAction<'static>; 1] = [("api_key", "API Key", None)];
+    pub const PROMPTS: [PromptAction<'static>; 1] = [("api_key", "API Key", None, true)];
 }
 
 impl_client_trait!(

src/client/common.rs

@@ -7,6 +7,7 @@ use crate::{
     utils::*,
 };
 
+use crate::vault::Vault;
 use anyhow::{bail, Context, Result};
 use fancy_regex::Regex;
 use indexmap::IndexMap;
@@ -343,19 +344,25 @@ pub struct RerankResult {
     pub relevance_score: f64,
 }
 
-pub type PromptAction<'a> = (&'a str, &'a str, Option<&'a str>);
+pub type PromptAction<'a> = (&'a str, &'a str, Option<&'a str>, bool);
 
 pub async fn create_config(
     prompts: &[PromptAction<'static>],
     client: &str,
+    vault: &Vault,
 ) -> Result<(String, Value)> {
     let mut config = json!({
         "type": client,
     });
-    for (key, desc, help_message) in prompts {
+    for (key, desc, help_message, is_secret) in prompts {
         let env_name = format!("{client}_{key}").to_ascii_uppercase();
         let required = std::env::var(&env_name).is_err();
-        let value = prompt_input_string(desc, required, *help_message)?;
+        let value = if !is_secret {
+            prompt_input_string(desc, required, *help_message)?
+        } else {
+            vault.add_secret(&env_name)?;
+            format!("{{{{{}}}}}", env_name)
+        };
         if !value.is_empty() {
             config[key] = value.into();
         }

src/client/gemini.rs

@@ -23,7 +23,7 @@ impl GeminiClient {
     config_get_fn!(api_key, get_api_key);
     config_get_fn!(api_base, get_api_base);
 
-    pub const PROMPTS: [PromptAction<'static>; 1] = [("api_key", "API Key", None)];
+    pub const PROMPTS: [PromptAction<'static>; 1] = [("api_key", "API Key", None, true)];
 }
 
 impl_client_trait!(

src/client/macros.rs

@@ -87,10 +87,10 @@ macro_rules! register_client {
             client_types
         }
 
-        pub async fn create_client_config(client: &str) -> anyhow::Result<(String, serde_json::Value)> {
+        pub async fn create_client_config(client: &str, vault: &$crate::vault::Vault) -> anyhow::Result<(String, serde_json::Value)> {
             $(
                 if client == $client::NAME && client != $crate::client::OpenAICompatibleClient::NAME {
-                    return create_config(&$client::PROMPTS, $client::NAME).await
+                    return create_config(&$client::PROMPTS, $client::NAME, vault).await
                 }
             )+
             if let Some(ret) = create_openai_compatible_client_config(client).await? {

src/client/openai.rs

@@ -25,7 +25,7 @@ impl OpenAIClient {
     config_get_fn!(api_key, get_api_key);
     config_get_fn!(api_base, get_api_base);
 
-    pub const PROMPTS: [PromptAction<'static>; 1] = [("api_key", "API Key", None)];
+    pub const PROMPTS: [PromptAction<'static>; 1] = [("api_key", "API Key", None, true)];
 }
 
 impl_client_trait!(

src/client/vertexai.rs

@@ -27,8 +27,8 @@ impl VertexAIClient {
     config_get_fn!(location, get_location);
 
     pub const PROMPTS: [PromptAction<'static>; 2] = [
-        ("project_id", "Project ID", None),
-        ("location", "Location", None),
+        ("project_id", "Project ID", None, false),
+        ("location", "Location", None, false),
     ];
 }