How to read the apikey from the .authinfo.gpg ?

[breadncup]

     gptel-backend (gptel-make-gemini "Gemini"
                     :key (gptel-api-key-from-auth-source "generativelanguage.googleapis.com")
                     :stream t)

I'm using gemini and the key is in the .authinfo.gpg

However, gptel-make-gemini cannot read the key from the gpg file.

If there is plain text of .authinfo, then it reads well.

Is there a way to read the .authinfo.gpg? for filling the apikey?

[karthink]

Please see the section of the README that explains how to store secrets in authinfo in a way that will work with gptel-api-key-from-auth-source.

You can also just ignore all of that and provide the key yourself, in whatever way works for you. Using authinfo is only a suggestion. I use GNU pass myself to store these API keys.

[breadncup]

That's not what I want. What I want is to use .authinfo.gpg as encrypted file instead of plain text .authinfo

gptel-api-key-from-auth-source tells just what key will be selected from .authinfo

Emacs already handles the gpg files, and I wonder why gptel does not leverage it.

[karthink]

gptel-api-key-from-auth-source expects the key to be stored with particular fields. For your example above this would be:

machine generativelanguage.googleapis.com login apikey password yourAPIkeyhere

This is covered in the README in the section "Securing API keys with authinfo".

In your gptel-backend definition the key can be just the function, calling the function at the time of definition will just store the string as the API key, which you don't want:

(gptel-make-gemini "Gemini"
  :key #'gptel-api-key-from-auth-source
  :stream t)

Finally, I repeat that you don't need any of the above, and don't have to use authsource with gptel -- you can retrieve the key however you'd like. I don't use authsource myself.

[breadncup]

I think you might’ve misunderstood what I was trying to say. I'm talking about using GPG, not about how the authinfo file or keys are used. What I want is to hide the key’s plain text by encrypting it into a GPG file, like .authinfo.gpg. You can store the key some other way, but it’s not encrypted, right? What I need is an encrypted key that gptel can use to get the credentials.

[karthink]

However, gptel-make-gemini cannot read the key from the gpg file.
...
Emacs already handles the gpg files, and I wonder why gptel does not leverage it.

gptel-get-api-key-from-auth-source works fine with a gpg-encrypted authinfo file. gptel just calls auth-source-search, so if it's not working you should check your GPG or auth-source configuration.

In my answer I tried to point out that gptel-get-api-key-from-auth-source expects keys to be stored in a particular way in authinfo.gpg, and if you aren't following that format you can write your function (that will possibly call auth-source-search).

[breadncup]

Thanks, @karthink , As I stated it in the original statement, it is working if I use .authinfo So, no format issue at all

Now, when I encrypt it to .authinfo.gpg, gptel does not recognize the credentials while mu4e which is also using .authinfo.gpg with a similar format has no issue.

So, I questioned it to gptel

Checking auth-sources, it shows

auth-sources is a variable defined in ‘auth-source.el’.

Its value is ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc")

And, of course, the file exists.

[breadncup]

I found the issue. I thought the :key can accept the key string, so I configured the gptel as

gptel-backend (gptel-make-gemini "Gemini"
                     :key (gptel-api-key-from-auth-source "generativelanguage.googleapis.com")
                     :stream t)

However, it turns out it cannot find the key properly. I don't know the detail in the gptel inside, but when I put the :key session as gptel-api-key, then, everything is working good with the ~/.authinfo.gpg It does not matter with the GPG or plaintext.

It seems that I had the wrong configuration of it.

So, resolution for me is

     (setq gptel-backend (gptel-make-gemini "Gemini"
                     :host "generativelanguage.googleapis.com"
                     :key gptel-api-key
                     :stream t
                     :request-params nil :curl-args nil)

[karthink]

Yes, I posted the correct code in #833 (reply in thread)

[breadncup]

Thinking this again, I'm not sure why the initial configuration as

     gptel-backend (gptel-make-gemini "Gemini"
                     :key (gptel-api-key-from-auth-source "generativelanguage.googleapis.com")
                     :stream t)

was working with .authinfo without an encryption, and why the :key gptel-api-key works on both .authinfo and .authinfo.gpg

Do you have any idea?