fix(tools): migrate email credentials to keyring, remove hardcoded password

Email tools now use credential_store (keyring) as primary source with env/.env as fallback. Removes plaintext password from email_check.py. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-14 22:30:14 +00:00
parent 5928077646
commit 88d14da902
3 changed files with 51 additions and 15 deletions
--- a/tools/email_process.py
+++ b/tools/email_process.py
@@ -19,7 +19,20 @@ from email.header import decode_header
 from datetime import datetime
 from pathlib import Path

-# Load .env
+# Try keyring first, fall back to .env
+sys.path.insert(0, str(Path(__file__).parent.parent))
+try:
+    from src.credential_store import get_secret
+except ImportError:
+    get_secret = lambda name: None
+
+def _get(keyring_name, env_name, default=''):
+    val = get_secret(keyring_name)
+    if val:
+        return val
+    return os.environ.get(env_name, default)
+
+# Load .env as fallback
 env_path = Path(__file__).parent.parent / '.env'
 if env_path.exists():
    with open(env_path) as f:
@@ -30,10 +43,10 @@ if env_path.exists():
                os.environ.setdefault(key, value)

 # Config
-IMAP_SERVER = os.environ.get('EMAIL_SERVER', 'mail.romfast.ro')
+IMAP_SERVER = _get('email_server', 'EMAIL_SERVER', 'mail.romfast.ro')
 IMAP_PORT = 993
-IMAP_USER = os.environ.get('EMAIL_USER', 'echo@romfast.ro')
-IMAP_PASS = os.environ.get('EMAIL_PASSWORD', '')
+IMAP_USER = _get('email_user', 'EMAIL_USER', 'echo@romfast.ro')
+IMAP_PASS = _get('email_password', 'EMAIL_PASSWORD')

 # Whitelist - only process emails from these addresses
 WHITELIST = [