fix: route live-mode keys to keyring and store account ID on interactive login#1509
Merged
bernerd-stripe merged 3 commits intomasterfrom Mar 25, 2026
Merged
Conversation
…ive login `stripe login --interactive` was unconditionally storing the entered key as a test-mode key in plaintext. Live-mode keys (sk_live_/rk_live_) now route to LiveModeAPIKey so writeProfile stores them redacted in config and in the system keyring. The account ID from GET /v1/account is now stored on the profile, matching the browser login path. Co-Authored-By: Claude Sonnet 4.6 <[email protected]> Committed-By-Agent: claude
tomer-stripe
approved these changes
Mar 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reviewers
r? @
cc @stripe/developer-products
Summary
stripe login --interactivehad two bugs compared to the browser login path:Live-mode keys stored as plaintext test-mode keys. The key entered
interactively was unconditionally assigned to
Profile.TestModeAPIKey,even for
sk_live_/rk_live_keys. Test-mode keys are stored inplaintext in
config.toml. Live-mode keys should go toProfile.LiveModeAPIKey, whichwriteProfilestores redacted in configand in full in the system keyring.
Account ID never stored. The
/v1/accountresponse was used only toextract the display name;
account.IDwas discarded. The browser loginpath stores the account ID on the profile; interactive login now does too.
Changes:
pkg/login/interactive_login.go: detect key prefix (sk_live_/rk_live_)and route to the correct profile field; store both
DisplayNameandAccountIDfrom the singleGetUserAccountcall. RemovegetDisplayName(was a wrapper that discarded the account ID). Extract
interactiveLoginWithParamsto enable testing with injected reader/baseURL.pkg/login/interactive_login_test.go: replace the now-deletedgetDisplayNametests with three newInteractiveLogintests coveringtest-mode key routing, live-mode key routing, and account ID + display name
storage.
Backward compatibility: Existing users with live keys incorrectly stored
as test-mode keys are unaffected — their config continues to work as-is. On
their next
stripe login --interactive,CreateProfilewipes and rewritesthe profile section, routing the live key to the keyring going forward.