#+TITLE: SKILL: Credentials Vault (org-skill-credentials-vault.org)
#+AUTHOR: Agent
#+FILETAGS: :system:security:vault:
#+PROPERTY: header-args:lisp :tangle %%SKILLS_DIR%%/org-skill-credentials-vault.lisp

* Overview
The *Credentials Vault* provides secure in-memory storage for sensitive API keys and session tokens.

* Implementation

** Vault Storage
#+begin_src lisp
(defvar *vault-memory* (make-hash-table :test 'equal)
  "In-memory cache of sensitive credentials.")
#+end_src

** Secret Management
#+begin_src lisp
(defun vault-get-secret (provider &key (type :api-key))
  "Retrieves a credential from the vault or environment."
  (let* ((key (format nil "~a-~a" provider type))
         (val (gethash key *vault-memory*)))
    (if val
        val
        (let ((env-var (case provider
                          (:gemini "GEMINI_API_KEY")
                          (:openai "OPENAI_API_KEY")
                          (:anthropic "ANTHROPIC_API_KEY")
                          (:openrouter "OPENROUTER_API_KEY")
                          (otherwise nil))))
          (when env-var (uiop:getenv env-var))))))

(defun vault-set-secret (provider secret &key (type :api-key))
  "Stores a secret in the vault."
  (let ((key (format nil "~a-~a" provider type)))
    (setf (gethash key *vault-memory*) secret)))
#+end_src

** Skill Registration
#+begin_src lisp
(defskill :skill-credentials-vault
  :priority 600
  :trigger (lambda (ctx) (declare (ignore ctx)) nil))
#+end_src