{
	"$schema": "http://json-schema.org/draft-07/schema#",
	"$id": "https://raw.githubusercontent.com/spencerbeggs/reposets/main/package/schemas/reposets.credentials.schema.json",
	"type": "object",
	"properties": {
		"profiles": {
			"type": "object",
			"additionalProperties": {
				"$ref": "#/$defs/CredentialProfile"
			},
			"description": "Named credential profiles. If only one profile is defined, it is used automatically for all repo groups.",
			"title": "Credential profiles",
			"x-tombi-additional-key-label": "profile_name"
		}
	},
	"additionalProperties": false,
	"description": "Authentication profiles for reposets. This file should be gitignored.",
	"title": "reposets Credentials",
	"x-taplo": {
		"links": {
			"key": "https://github.com/spencerbeggs/reposets/blob/main/docs/credentials.md"
		},
		"initKeys": ["profiles"]
	},
	"$defs": {
		"CredentialProfile": {
			"type": "object",
			"required": ["github_token"],
			"properties": {
				"github_token": {
					"type": "string",
					"description": "A GitHub personal access token (fine-grained) with administration, secrets, variables, environments, and GPG keys permissions",
					"title": "GitHub token",
					"examples": ["ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
				},
				"op_service_account_token": {
					"type": "string",
					"description": "A 1Password service account token for resolving op:// secret references",
					"title": "1Password service account token",
					"examples": ["ops_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
				},
				"resolve": {
					"$ref": "#/$defs/ResolveSection"
				}
			},
			"additionalProperties": false,
			"description": "Authentication credentials for a GitHub account with optional named values for secret and variable resolution",
			"title": "Credential profile",
			"x-taplo": {
				"links": {
					"key": "https://github.com/spencerbeggs/reposets/blob/main/docs/credentials.md"
				},
				"initKeys": ["github_token"]
			}
		},
		"ResolveSection": {
			"type": "object",
			"properties": {
				"op": {
					"type": "object",
					"additionalProperties": {
						"type": "string"
					},
					"description": "Named values resolved via 1Password SDK. Values are op:// reference strings.",
					"title": "1Password references",
					"x-tombi-additional-key-label": "label"
				},
				"file": {
					"type": "object",
					"additionalProperties": {
						"type": "string"
					},
					"description": "Named values read from files. Values are file paths relative to the credentials directory.",
					"title": "File references",
					"x-tombi-additional-key-label": "label"
				},
				"value": {
					"type": "object",
					"additionalProperties": {
						"anyOf": [
							{
								"type": "string"
							},
							{
								"type": "object",
								"additionalProperties": {}
							}
						]
					},
					"description": "Named inline values. Strings are used as-is, objects are JSON-stringified.",
					"title": "Inline values",
					"x-tombi-additional-key-label": "label"
				}
			},
			"additionalProperties": false,
			"description": "Named values resolved from 1Password, files, or inline. Referenced by resolved entries in secret and variable groups.",
			"title": "Resolve section",
			"x-taplo": {
				"links": {
					"key": "https://github.com/spencerbeggs/reposets/blob/main/docs/credentials.md"
				}
			}
		}
	},
	"x-tombi-toml-version": "v1.1.0"
}