From 1b0781dc68f355fd32706f122bac8719fd8f74de Mon Sep 17 00:00:00 2001
From: Jeremie Fraeys <jfaeys@gmail.com>
Date: Sat, 21 Feb 2026 21:19:46 -0500
Subject: [PATCH] fix(auth): make DeleteAPIKey resilient to keyring errors

DeleteAPIKey now ignores primary keyring errors (e.g., dbus unavailable)

and always cleans up the fallback store
---
 internal/auth/keychain.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/internal/auth/keychain.go b/internal/auth/keychain.go
index 63263c5..128ba89 100644
--- a/internal/auth/keychain.go
+++ b/internal/auth/keychain.go
@@ -92,11 +92,11 @@ func (km *KeychainManager) GetAPIKey(service, account string) (string, error) {
 
 // DeleteAPIKey removes a key from both stores.
 func (km *KeychainManager) DeleteAPIKey(service, account string) error {
-	if err := km.primary.Delete(service, account); err != nil &&
-		!errors.Is(err, keyring.ErrNotFound) &&
-		!errors.Is(err, keyring.ErrUnsupportedPlatform) {
-		return fmt.Errorf("failed to delete API key: %w", err)
-	}
+	// Try to delete from primary keyring, but don't fail on keyring errors
+	// (e.g., dbus unavailable, permission denied) - just clean up fallback
+	_ = km.primary.Delete(service, account)
+	
+	// Always clean up fallback
 	if err := km.fallback.delete(service, account); err != nil && !errors.Is(err, os.ErrNotExist) {
 		return err
 	}