Add encryption for credential storage

## Summary
Credentials are currently stored in plaintext JSON files. This is a security risk for production use.

## Current State
- Credentials stored in `~/.sylphx-code/credentials.json` (global)
- Credentials stored in `.sylphx-code/credentials.local.json` (project)
- Files use restrictive permissions (0600) but content is plaintext

## Proposed Solution
Add encryption layer for credential storage:
- Use AES-256-GCM for encryption
- Derive encryption key from system keyring or user password
- Encrypt only the `apiKey` field, keep metadata readable
- Maintain backward compatibility with plaintext for migration

## Affected Files
- `packages/code-core/src/registry/credential-registry.ts`
- `packages/code-core/src/config/credential-manager.ts`
- `packages/code-core/src/types/credential.types.ts`

## Priority
Medium - Current implementation is acceptable for development/single-user use, but required before production release.

## References
- OWASP: [Cryptographic Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add encryption for credential storage #1

Summary

Current State

Proposed Solution

Affected Files

Priority

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add encryption for credential storage #1

Description

Summary

Current State

Proposed Solution

Affected Files

Priority

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions