logly/mureo

Optional secret flag on AccountCredentialField

Additive minor release on top of v0.9.11. One Protocol-surface enhancement, fully backward-compatible.

Added — AccountCredentialField gains optional secret: bool flag

AccountCredentialField (introduced in v0.9.7 to let providers declare per-account credential fields) gains an optional secret: bool = False attribute. It lets a provider mark a per-account field as a secret value (API key, per-account OAuth token, etc.) rather than a public identifier.

Consumers — configure wizards, third-party setup UIs — read the flag to:

• Render the value as a masked / password-style input.
• Avoid pre-populating the value on edit (a blank input conventionally means "keep the existing value").
• Choose tighter storage permissions, typically 0o600, when the value lands in a file rather than an injected SecretStore.

The flag is declarative metadata only — mureo itself does not redact or remask the value; consumers act on it. Default False keeps every existing built-in / plugin declaration working unchanged.

The OSS-shipped GoogleAdsAdapter and MetaAdsAdapter do not declare any field with secret=True — their per-account fields are public identifiers (customer_id, ad_account_id, login_customer_id) and the sensitive material (refresh tokens, system user tokens) is operator-shared and lives in the SecretStore layer. The flag exists for plugins whose authentication model places the secret inside the per-account slice (e.g. ad platforms with one API key per account).

docs/plugin-authoring.md documents the flag in the attribute reference table and a new "Secret per-account fields" subsection with a canonical api_key example.

PRs in this release

• #148 — feat(providers): add optional secret flag to AccountCredentialField

Upgrade

pip install --upgrade mureo

No code changes required for callers. Plugin authors whose per-account auth model uses an API key can opt in by setting secret=True on the matching AccountCredentialField declaration.