IJPL-797 intellij.platform.credentialStore[.ui] review internal API

GitOrigin-RevId: a9482e8e17c07c2d10c9357cf94c42ec5f039cb9
2026-03-22 15:19:59 +07:00 · 2024-05-14 19:58:12 +02:00
parent e9fb55c821
commit 0bd1ab07eb
19 changed files with 82 additions and 216 deletions
--- a/platform/credential-store-ui/api-dump-unreviewed.txt
+++ b/platform/credential-store-ui/api-dump-unreviewed.txt
@@ -1,18 +0,0 @@
-f:com.intellij.credentialStore.CredentialStoreUiServiceImpl
- com.intellij.credentialStore.CredentialStoreUiService
- <init>():V
- notify(java.lang.String,java.lang.String,com.intellij.openapi.project.Project,com.intellij.notification.NotificationAction):V
- openSettings(com.intellij.openapi.project.Project):V
- showChangeMainPasswordDialog(java.awt.Component,kotlin.jvm.functions.Function2):Z
- showErrorMessage(java.awt.Component,java.lang.String,java.lang.String):V
- showRequestMainPasswordDialog(java.lang.String,java.lang.String,java.awt.Component,kotlin.jvm.functions.Function1):Z
-f:com.intellij.credentialStore.PasswordSafeConfigurable
- com.intellij.openapi.options.ConfigurableBase
- <init>():V
-f:com.intellij.credentialStore.PasswordSafeConfigurableUi
- com.intellij.openapi.options.ConfigurableUi
- <init>(com.intellij.credentialStore.PasswordSafeSettings):V
- apply(com.intellij.credentialStore.PasswordSafeSettings):V
- getComponent():javax.swing.JPanel
- isModified(com.intellij.credentialStore.PasswordSafeSettings):Z
- reset(com.intellij.credentialStore.PasswordSafeSettings):V
--- a/platform/credential-store-ui/api-dump.txt
+++ b/platform/credential-store-ui/api-dump.txt
--- a/platform/credential-store-ui/src/CredentialStoreUiServiceImpl.kt
+++ b/platform/credential-store-ui/src/CredentialStoreUiServiceImpl.kt
@@ -21,7 +21,7 @@ import javax.swing.JPasswordField

 internal val NOTIFICATION_MANAGER by lazy { SingletonNotificationManager("Password Safe", NotificationType.ERROR) }

-class CredentialStoreUiServiceImpl : CredentialStoreUiService {
+internal class CredentialStoreUiServiceImpl : CredentialStoreUiService {
  override fun notify(@NotificationTitle title: String, @NotificationContent content: String, project: Project?, action: NotificationAction?) {
    NOTIFICATION_MANAGER.notify(title, content, project) {
      if (action != null) {
--- a/platform/credential-store-ui/src/PasswordSafeConfigurable.kt
+++ b/platform/credential-store-ui/src/PasswordSafeConfigurable.kt
@@ -35,6 +35,7 @@ import com.intellij.ui.dsl.listCellRenderer.textListCellRenderer
 import com.intellij.ui.layout.chooseFile
 import com.intellij.ui.layout.selected
 import com.intellij.util.text.nullize
+import org.jetbrains.annotations.ApiStatus
 import java.io.File
 import java.nio.file.Paths
 import javax.swing.JCheckBox
@@ -46,9 +47,13 @@ import kotlin.io.path.isDirectory
 private val LOG: Logger
  get() = logger<PasswordSafeConfigurable>()

+/**
+ * API note: use [CredentialStoreUiService] instead of using this `.class` to show settings dialog
+ */
+@ApiStatus.Internal
 class PasswordSafeConfigurable : ConfigurableBase<PasswordSafeConfigurableUi, PasswordSafeSettings>("application.passwordSafe",
-                                                                                                             CredentialStoreBundle.message("password.safe.configurable"),
-                                                                                                             "reference.ide.settings.password.safe") {
+                                                                                                    CredentialStoreBundle.passwordSafeConfigurable,
+                                                                                                    "reference.ide.settings.password.safe") {
  private val settings = service<PasswordSafeSettings>()

  override fun getSettings() = settings
@@ -56,6 +61,7 @@ class PasswordSafeConfigurable : ConfigurableBase<PasswordSafeConfigurableUi, Pa
  override fun createUi() = PasswordSafeConfigurableUi(settings)
 }

+@ApiStatus.Internal
 class PasswordSafeConfigurableUi(private val settings: PasswordSafeSettings) : ConfigurableUi<PasswordSafeSettings> {
  private lateinit var panel: DialogPanel
  private lateinit var usePgpKey: JCheckBox
--- a/platform/credential-store/api-dump-unreviewed.txt
+++ b/platform/credential-store/api-dump-unreviewed.txt
@@ -1,186 +0,0 @@
-f:com.intellij.credentialStore.CredentialStoreBundle
- com.intellij.DynamicBundle
- sf:INSTANCE:com.intellij.credentialStore.CredentialStoreBundle
- f:message(java.lang.String,java.lang.Object[]):java.lang.String
- f:messagePointer(java.lang.String,java.lang.Object[]):java.util.function.Supplier
-com.intellij.credentialStore.CredentialStoreFactory
- sf:CREDENTIAL_STORE_FACTORY:com.intellij.openapi.extensions.ExtensionPointName
- a:create():com.intellij.credentialStore.CredentialStore
-f:com.intellij.credentialStore.CredentialStoreKt
- sf:createSecureRandom():java.security.SecureRandom
-com.intellij.credentialStore.CredentialStoreUiService
- sf:Companion:com.intellij.credentialStore.CredentialStoreUiService$Companion
- a:notify(java.lang.String,java.lang.String,com.intellij.openapi.project.Project,com.intellij.notification.NotificationAction):V
- a:openSettings(com.intellij.openapi.project.Project):V
- a:showChangeMainPasswordDialog(java.awt.Component,kotlin.jvm.functions.Function2):Z
- a:showErrorMessage(java.awt.Component,java.lang.String,java.lang.String):V
- a:showRequestMainPasswordDialog(java.lang.String,java.lang.String,java.awt.Component,kotlin.jvm.functions.Function1):Z
- bs:showRequestMainPasswordDialog$default(com.intellij.credentialStore.CredentialStoreUiService,java.lang.String,java.lang.String,java.awt.Component,kotlin.jvm.functions.Function1,I,java.lang.Object):Z
-f:com.intellij.credentialStore.CredentialStoreUiService$Companion
- f:getInstance():com.intellij.credentialStore.CredentialStoreUiService
-f:com.intellij.credentialStore.EncryptionSpec
- <init>(com.intellij.credentialStore.EncryptionType,java.lang.String):V
- f:component1():com.intellij.credentialStore.EncryptionType
- f:component2():java.lang.String
- f:copy(com.intellij.credentialStore.EncryptionType,java.lang.String):com.intellij.credentialStore.EncryptionSpec
- bs:copy$default(com.intellij.credentialStore.EncryptionSpec,com.intellij.credentialStore.EncryptionType,java.lang.String,I,java.lang.Object):com.intellij.credentialStore.EncryptionSpec
- equals(java.lang.Object):Z
- f:getPgpKeyId():java.lang.String
- f:getType():com.intellij.credentialStore.EncryptionType
- hashCode():I
- toString():java.lang.String
-f:com.intellij.credentialStore.EncryptionSupportKt
- sf:getDefaultEncryptionType():com.intellij.credentialStore.EncryptionType
- sf:toByteArrayAndClear(C[]):B[]
-e:com.intellij.credentialStore.EncryptionType
- java.lang.Enum
- sf:BUILT_IN:com.intellij.credentialStore.EncryptionType
- sf:CRYPT_32:com.intellij.credentialStore.EncryptionType
- sf:PGP_KEY:com.intellij.credentialStore.EncryptionType
- s:getEntries():kotlin.enums.EnumEntries
- s:valueOf(java.lang.String):com.intellij.credentialStore.EncryptionType
- s:values():com.intellij.credentialStore.EncryptionType[]
-com.intellij.credentialStore.KWallet
- org.freedesktop.dbus.interfaces.DBusInterface
- a:close(I,Z,java.lang.String):I
- a:isOpen(I):Z
- a:localWallet():java.lang.String
- a:open(java.lang.String,J,java.lang.String):I
- a:readPassword(I,java.lang.String,java.lang.String,java.lang.String):java.lang.String
- a:readPasswordList(I,java.lang.String,java.lang.String,java.lang.String):java.util.Map
- a:removeEntry(I,java.lang.String,java.lang.String,java.lang.String):I
- a:removeFolder(I,java.lang.String,java.lang.String):Z
- a:users(java.lang.String):java.util.List
- a:wallets():java.util.List
- a:writePassword(I,java.lang.String,java.lang.String,java.lang.String,java.lang.String):I
-f:com.intellij.credentialStore.MacOsKeychainLibraryKt
- sf:isMacOsCredentialStoreSupported():Z
-f:com.intellij.credentialStore.NativeCredentialStoreWrapperKt
- sf:wrappedInMemory():com.intellij.credentialStore.CredentialStore
-f:com.intellij.credentialStore.PasswordSafeOptions
- com.intellij.openapi.components.BaseState
- <init>():V
- f:getKeepassDb():java.lang.String
- f:getPgpKeyId():java.lang.String
- f:getProvider():com.intellij.credentialStore.ProviderType
- f:isRememberPasswordByDefault():Z
- f:setKeepassDb(java.lang.String):V
- f:setPgpKeyId(java.lang.String):V
- f:setProvider(com.intellij.credentialStore.ProviderType):V
- f:setRememberPasswordByDefault(Z):V
-f:com.intellij.credentialStore.PasswordSafeSettings
- com.intellij.openapi.components.PersistentStateComponentWithModificationTracker
- sf:Companion:com.intellij.credentialStore.PasswordSafeSettings$Companion
- sf:TOPIC:com.intellij.util.messages.Topic
- <init>():V
- f:getKeepassDb():java.lang.String
- f:getProviderType():com.intellij.credentialStore.ProviderType
- getState():com.intellij.credentialStore.PasswordSafeOptions
- getStateModificationCount():J
- loadState(com.intellij.credentialStore.PasswordSafeOptions):V
- f:setKeepassDb(java.lang.String):V
- f:setProviderType(com.intellij.credentialStore.ProviderType):V
-f:com.intellij.credentialStore.PasswordSafeSettings$Companion
-com.intellij.credentialStore.PasswordSafeSettingsListener
- credentialStoreCleared():V
- typeChanged(com.intellij.credentialStore.ProviderType,com.intellij.credentialStore.ProviderType):V
-com.intellij.credentialStore.gpg.GpgToolWrapper
- a:decrypt(B[]):B[]
- a:encrypt(B[],java.lang.String):B[]
- a:listSecretKeys():java.lang.String
-f:com.intellij.credentialStore.gpg.GpgUtilKt
- sf:createGpg():com.intellij.credentialStore.gpg.GpgToolWrapper
-f:com.intellij.credentialStore.gpg.Pgp
- <init>():V
- <init>(com.intellij.credentialStore.gpg.GpgToolWrapper):V
- b:<init>(com.intellij.credentialStore.gpg.GpgToolWrapper,I,kotlin.jvm.internal.DefaultConstructorMarker):V
- f:decrypt(B[]):B[]
- f:encrypt(B[],java.lang.String):B[]
- f:listKeys():java.util.List
-f:com.intellij.credentialStore.gpg.PgpKey
- <init>(java.lang.String,java.lang.String):V
- f:component1():java.lang.String
- f:component2():java.lang.String
- f:copy(java.lang.String,java.lang.String):com.intellij.credentialStore.gpg.PgpKey
- bs:copy$default(com.intellij.credentialStore.gpg.PgpKey,java.lang.String,java.lang.String,I,java.lang.Object):com.intellij.credentialStore.gpg.PgpKey
- equals(java.lang.Object):Z
- f:getKeyId():java.lang.String
- f:getUserId():java.lang.String
- hashCode():I
- toString():java.lang.String
-f:com.intellij.credentialStore.kdbx.IncorrectMainPasswordException
- java.lang.RuntimeException
- <init>():V
- <init>(Z):V
- b:<init>(Z,I,kotlin.jvm.internal.DefaultConstructorMarker):V
- f:isFileMissed():Z
-f:com.intellij.credentialStore.kdbx.KeePassDatabase
- <init>():V
- f:isDirty():Z
-a:com.intellij.credentialStore.keePass.BaseKeePassCredentialStore
- com.intellij.credentialStore.CredentialStore
- get(com.intellij.credentialStore.CredentialAttributes):com.intellij.credentialStore.Credentials
- pa:getDb():com.intellij.credentialStore.kdbx.KeePassDatabase
- pa:markDirty():V
- set(com.intellij.credentialStore.CredentialAttributes,com.intellij.credentialStore.Credentials):V
-f:com.intellij.credentialStore.keePass.InMemoryCredentialStore
- com.intellij.credentialStore.keePass.BaseKeePassCredentialStore
- com.intellij.ide.passwordSafe.PasswordStorage
- <init>():V
-f:com.intellij.credentialStore.keePass.KeePassCredentialStoreKt
- sf:DB_FILE_NAME:java.lang.String
- sf:getDefaultKeePassBaseDirectory():java.nio.file.Path
- sf:getDefaultMainPasswordFile():java.nio.file.Path
-c:com.intellij.credentialStore.keePass.KeePassFileManager
- <init>(java.nio.file.Path,java.nio.file.Path,com.intellij.credentialStore.EncryptionSpec,kotlin.Lazy):V
- f:askAndSetMainKey(com.intellij.openapi.actionSystem.AnActionEvent,java.lang.String):Z
- bs:askAndSetMainKey$default(com.intellij.credentialStore.keePass.KeePassFileManager,com.intellij.openapi.actionSystem.AnActionEvent,java.lang.String,I,java.lang.Object):Z
- f:clear():V
- pf:doSetNewMainPassword(C[],C[]):Z
- f:import(java.nio.file.Path,com.intellij.openapi.actionSystem.AnActionEvent):V
- p:requestCurrentAndNewKeys(java.awt.Component):Z
- p:requestMainPassword(java.lang.String,java.lang.String,java.awt.Component,kotlin.jvm.functions.Function1):Z
- bs:requestMainPassword$default(com.intellij.credentialStore.keePass.KeePassFileManager,java.lang.String,java.lang.String,java.awt.Component,kotlin.jvm.functions.Function1,I,java.lang.Object):Z
- f:saveMainKeyToApplyNewEncryptionSpec():V
- f:setCustomMainPasswordIfNeeded(java.nio.file.Path):V
- f:useExisting():V
-f:com.intellij.credentialStore.keePass.MainKey
- <init>(B[],Z,com.intellij.credentialStore.EncryptionSpec):V
- f:clear():V
- f:getEncryptionSpec():com.intellij.credentialStore.EncryptionSpec
- f:getValue():B[]
- f:isAutoGenerated():Z
- f:setValue(B[]):V
-f:com.intellij.credentialStore.keePass.MainKeyFileStorage
- <init>(java.nio.file.Path):V
- f:isAutoGenerated():Z
- f:load():B[]
- f:save(com.intellij.credentialStore.keePass.MainKey):V
-f:com.intellij.credentialStore.windows.WindowsCryptUtils
- s:protect(B[]):B[]
- s:unprotect(B[]):B[]
-a:com.intellij.ide.passwordSafe.impl.BasePasswordSafe
- com.intellij.ide.passwordSafe.PasswordSafe
- <init>(kotlinx.coroutines.CoroutineScope):V
- f:closeCurrentStore(Z,Z):V
- get(com.intellij.credentialStore.CredentialAttributes):com.intellij.credentialStore.Credentials
- getAsync(com.intellij.credentialStore.CredentialAttributes):org.jetbrains.concurrency.Promise
- f:getCurrentProvider():com.intellij.credentialStore.CredentialStore
- pa:getSettings():com.intellij.credentialStore.PasswordSafeSettings
- isMemoryOnly():Z
- isPasswordStoredOnlyInMemory(com.intellij.credentialStore.CredentialAttributes,com.intellij.credentialStore.Credentials):Z
- isRememberPasswordByDefault():Z
- f:save(kotlin.coroutines.Continuation):java.lang.Object
- set(com.intellij.credentialStore.CredentialAttributes,com.intellij.credentialStore.Credentials):V
- set(com.intellij.credentialStore.CredentialAttributes,com.intellij.credentialStore.Credentials,Z):V
- f:setCurrentProvider(com.intellij.credentialStore.CredentialStore):V
- setRememberPasswordByDefault(Z):V
-f:com.intellij.ide.passwordSafe.impl.PasswordSafeImplKt
- sf:createKeePassStore(java.nio.file.Path,java.nio.file.Path):com.intellij.ide.passwordSafe.PasswordSafe
- sf:createPersistentCredentialStore():com.intellij.credentialStore.CredentialStore
- sf:getDefaultKeePassDbFile():java.nio.file.Path
-f:com.intellij.ide.passwordSafe.impl.TestPasswordSafeImpl
- com.intellij.ide.passwordSafe.impl.BasePasswordSafe
- <init>():V
- <init>(com.intellij.credentialStore.PasswordSafeSettings):V
- <init>(com.intellij.credentialStore.PasswordSafeSettings,com.intellij.credentialStore.CredentialStore):V
--- a/platform/credential-store/api-dump.txt
+++ b/platform/credential-store/api-dump.txt
@@ -0,0 +1,25 @@
+f:com.intellij.credentialStore.CredentialStoreBundle
+- com.intellij.DynamicBundle
+- sf:INSTANCE:com.intellij.credentialStore.CredentialStoreBundle
+- f:getPasswordSafeConfigurable():java.lang.String
+com.intellij.credentialStore.CredentialStoreFactory
+- sf:CREDENTIAL_STORE_FACTORY:com.intellij.openapi.extensions.ExtensionPointName
+- a:create():com.intellij.credentialStore.CredentialStore
+f:com.intellij.credentialStore.CredentialStoreKt
+- sf:createSecureRandom():java.security.SecureRandom
+com.intellij.credentialStore.CredentialStoreUiService
+- sf:Companion:com.intellij.credentialStore.CredentialStoreUiService$Companion
+- a:notify(java.lang.String,java.lang.String,com.intellij.openapi.project.Project,com.intellij.notification.NotificationAction):V
+- a:openSettings(com.intellij.openapi.project.Project):V
+- a:showChangeMainPasswordDialog(java.awt.Component,kotlin.jvm.functions.Function2):Z
+- a:showErrorMessage(java.awt.Component,java.lang.String,java.lang.String):V
+- a:showRequestMainPasswordDialog(java.lang.String,java.lang.String,java.awt.Component,kotlin.jvm.functions.Function1):Z
+- bs:showRequestMainPasswordDialog$default(com.intellij.credentialStore.CredentialStoreUiService,java.lang.String,java.lang.String,java.awt.Component,kotlin.jvm.functions.Function1,I,java.lang.Object):Z
+f:com.intellij.credentialStore.CredentialStoreUiService$Companion
+- f:getInstance():com.intellij.credentialStore.CredentialStoreUiService
+f:com.intellij.credentialStore.EncryptionSupportKt
+- sf:toByteArrayAndClear(C[]):B[]
+com.intellij.credentialStore.PasswordSafeSettingsListener
+- sf:TOPIC:com.intellij.util.messages.Topic
+- credentialStoreCleared():V
+- typeChanged(com.intellij.credentialStore.ProviderType,com.intellij.credentialStore.ProviderType):V
--- a/platform/credential-store/exposed-third-party-api.txt
+++ b/platform/credential-store/exposed-third-party-api.txt
@@ -1,2 +0,0 @@
-kotlin/jvm/internal/DefaultConstructorMarker
-org/freedesktop/dbus/interfaces/DBusInterface
--- a/platform/credential-store/src/CredentialStoreBundle.kt
+++ b/platform/credential-store/src/CredentialStoreBundle.kt
@@ -2,6 +2,7 @@
 package com.intellij.credentialStore

 import com.intellij.DynamicBundle
+import org.jetbrains.annotations.ApiStatus
 import org.jetbrains.annotations.Nls
 import org.jetbrains.annotations.NonNls
 import org.jetbrains.annotations.PropertyKey
@@ -11,12 +12,15 @@ import java.util.function.Supplier
 private const val BUNDLE = "messages.CredentialStoreBundle"

 object CredentialStoreBundle : DynamicBundle(BUNDLE) {
-  @Nls
+  val passwordSafeConfigurable: @Nls String get() = message("password.safe.configurable")
+
+  @ApiStatus.Internal
  fun message(@PropertyKey(resourceBundle = BUNDLE) key: String,
-              vararg params: Any): String {
+              vararg params: Any): @Nls String {
    return getMessage(key, *params)
  }

+  @ApiStatus.Internal
  fun messagePointer(@PropertyKey(resourceBundle = BUNDLE) key: String,
                  vararg params: Any): Supplier<@Nls String> {
    return getLazyMessage(key, *params)
--- a/platform/credential-store/src/EncryptionSupport.kt
+++ b/platform/credential-store/src/EncryptionSupport.kt
@@ -6,6 +6,7 @@ import com.intellij.credentialStore.windows.WindowsCryptUtils
 import com.intellij.jna.JnaLoader
 import com.intellij.openapi.util.SystemInfo
 import com.intellij.util.io.toByteArray
+import org.jetbrains.annotations.ApiStatus
 import java.nio.ByteBuffer
 import java.nio.CharBuffer
 import java.security.Key
@@ -25,11 +26,13 @@ internal interface EncryptionSupport {
  fun decrypt(data: ByteArray): ByteArray
 }

+@ApiStatus.Internal
 enum class EncryptionType {
  BUILT_IN, CRYPT_32, PGP_KEY
 }

-fun getDefaultEncryptionType() = if (SystemInfo.isWindows) EncryptionType.CRYPT_32 else EncryptionType.BUILT_IN
+@ApiStatus.Internal
+fun getDefaultEncryptionType(): EncryptionType = if (SystemInfo.isWindows) EncryptionType.CRYPT_32 else EncryptionType.BUILT_IN

 private open class AesEncryptionSupport(private val key: Key) : EncryptionSupport {
  companion object {
@@ -73,6 +76,7 @@ private class PgpKeyEncryptionSupport(private val encryptionSpec: EncryptionSpec
  override fun decrypt(data: ByteArray) = Pgp().decrypt(data)
 }

+@ApiStatus.Internal
 data class EncryptionSpec(val type: EncryptionType, val pgpKeyId: String?)

 internal fun createEncryptionSupport(spec: EncryptionSpec): EncryptionSupport {
--- a/platform/credential-store/src/NativeCredentialStoreWrapper.kt
+++ b/platform/credential-store/src/NativeCredentialStoreWrapper.kt
@@ -147,7 +147,7 @@ private class LinuxCredentialStoreFactory : CredentialStoreFactory {
 }

@TestOnly
-fun wrappedInMemory(): CredentialStore = NativeCredentialStoreWrapper(InMemoryCredentialStore(), QueueProcessor<() -> Unit>(
+internal fun wrappedInMemory(): CredentialStore = NativeCredentialStoreWrapper(InMemoryCredentialStore(), QueueProcessor<() -> Unit>(
  BiConsumer { item, continuation ->
    try {
      QueueProcessor.runSafely(item)
--- a/platform/credential-store/src/PasswordSafeImpl.kt
+++ b/platform/credential-store/src/PasswordSafeImpl.kt
@@ -34,6 +34,7 @@ import java.nio.file.Paths
 private val LOG: Logger
  get() = logger<CredentialStore>()

+@Internal
 abstract class BasePasswordSafe(private val coroutineScope: CoroutineScope) : PasswordSafe() {
  protected abstract val settings: PasswordSafeSettings

@@ -155,6 +156,7 @@ abstract class BasePasswordSafe(private val coroutineScope: CoroutineScope) : Pa
 }

@TestOnly
+@Internal
 class TestPasswordSafeImpl @NonInjectable constructor(
  override val settings: PasswordSafeSettings
 ) : BasePasswordSafe(coroutineScope = (ApplicationManager.getApplication() as ComponentManagerEx).getCoroutineScope()) {
@@ -174,6 +176,7 @@ class PasswordSafeImpl(coroutineScope: CoroutineScope) : BasePasswordSafe(corout
    get() = service<PasswordSafeSettings>()
 }

+@Internal
 fun getDefaultKeePassDbFile(): Path = getDefaultKeePassBaseDirectory().resolve(DB_FILE_NAME)

 private fun computeProvider(settings: PasswordSafeSettings): CredentialStore {
@@ -239,6 +242,7 @@ private fun computeProvider(settings: PasswordSafeSettings): CredentialStore {
  return InMemoryCredentialStore()
 }

+@Internal
 fun createPersistentCredentialStore(): CredentialStore? {
  for (factory in CredentialStoreFactory.CREDENTIAL_STORE_FACTORY.extensionList) {
    return factory.create() ?: continue
@@ -247,6 +251,7 @@ fun createPersistentCredentialStore(): CredentialStore? {
 }

@TestOnly
+@Internal
 fun createKeePassStore(dbFile: Path, mainPasswordFile: Path): PasswordSafe {
  val store = KeePassCredentialStore(dbFile, mainPasswordFile)
  val settings = PasswordSafeSettings()
--- a/platform/credential-store/src/PasswordSafeSettings.kt
+++ b/platform/credential-store/src/PasswordSafeSettings.kt
@@ -8,19 +8,24 @@ import com.intellij.openapi.util.SystemInfo
 import com.intellij.util.messages.Topic
 import com.intellij.util.text.nullize
 import com.intellij.util.xmlb.annotations.OptionTag
+import org.jetbrains.annotations.ApiStatus

 private val defaultProviderType: ProviderType
  get() = CredentialStoreManager.getInstance().defaultProvider()

+@ApiStatus.Internal
@State(name = "PasswordSafe",
       category = SettingsCategory.SYSTEM,
       exportable = true,
       storages = [Storage(value = "security.xml", roamingType = RoamingType.DISABLED)], reportStatistic = false)
 class PasswordSafeSettings : PersistentStateComponentWithModificationTracker<PasswordSafeOptions> {
  companion object {
+    /**
+     * API note: moved to [PasswordSafeSettingsListener.TOPIC]
+     */
    @JvmField
    @Topic.AppLevel
-    val TOPIC: Topic<PasswordSafeSettingsListener> = Topic("PasswordSafeSettingsListener", PasswordSafeSettingsListener::class.java)
+    val TOPIC: Topic<PasswordSafeSettingsListener> = PasswordSafeSettingsListener.TOPIC
  }

  private var state = PasswordSafeOptions()
@@ -75,6 +80,7 @@ class PasswordSafeSettings : PersistentStateComponentWithModificationTracker<Pas
  override fun getStateModificationCount() = state.modificationCount
 }

+@ApiStatus.Internal
 class PasswordSafeOptions : BaseState() {
  // do not use it directly
  @get:OptionTag("PROVIDER")
--- a/platform/credential-store/src/PasswordSafeSettingsListener.java
+++ b/platform/credential-store/src/PasswordSafeSettingsListener.java
@@ -1,8 +1,12 @@
 package com.intellij.credentialStore;

+import com.intellij.util.messages.Topic;
 import org.jetbrains.annotations.NotNull;

 public interface PasswordSafeSettingsListener {
+  @Topic.AppLevel
+  Topic<PasswordSafeSettingsListener> TOPIC = new Topic<>("PasswordSafeSettingsListener", PasswordSafeSettingsListener.class);
+
  default void typeChanged(@NotNull ProviderType oldValue, @NotNull ProviderType newValue) {
  }

--- a/platform/credential-store/src/gpg/gpgUtil.kt
+++ b/platform/credential-store/src/gpg/gpgUtil.kt
@@ -6,7 +6,9 @@ import com.intellij.openapi.application.ApplicationManager
 import com.intellij.openapi.util.NlsSafe
 import com.intellij.openapi.util.text.StringUtilRt
 import com.intellij.util.SmartList
+import org.jetbrains.annotations.ApiStatus

+@ApiStatus.Internal
 class Pgp(private val gpgTool: GpgToolWrapper = createGpg()) {
  // only keys with "Encrypt" capability are returned
  fun listKeys(): List<PgpKey> {
@@ -61,6 +63,7 @@ class Pgp(private val gpgTool: GpgToolWrapper = createGpg()) {
  fun encrypt(data: ByteArray, recipient: String) = gpgTool.encrypt(data, recipient)
 }

+@ApiStatus.Internal
 interface GpgToolWrapper {
  fun listSecretKeys(): String

@@ -69,7 +72,7 @@ interface GpgToolWrapper {
  fun decrypt(data: ByteArray): ByteArray
 }

-fun createGpg(): GpgToolWrapper {
+private fun createGpg(): GpgToolWrapper {
  if (ApplicationManager.getApplication().isUnitTestMode) {
    return DummyGpgToolWrapper()
  }
@@ -93,4 +96,5 @@ private class DummyGpgToolWrapper : GpgToolWrapper {
  override fun listSecretKeys() = ""
 }

+@ApiStatus.Internal
 data class PgpKey(@NlsSafe val keyId: String, @NlsSafe val userId: String)
--- a/platform/credential-store/src/kdbx/package-info.java
+++ b/platform/credential-store/src/kdbx/package-info.java
@@ -0,0 +1,5 @@
+// Copyright 2000-2024 JetBrains s.r.o. and contributors. Use of this source code is governed by the Apache 2.0 license.
+@ApiStatus.Internal
+package com.intellij.credentialStore.kdbx;
+
+import org.jetbrains.annotations.ApiStatus;
--- a/platform/credential-store/src/keePass/package-info.java
+++ b/platform/credential-store/src/keePass/package-info.java
@@ -0,0 +1,5 @@
+// Copyright 2000-2024 JetBrains s.r.o. and contributors. Use of this source code is governed by the Apache 2.0 license.
+@ApiStatus.Internal
+package com.intellij.credentialStore.keePass;
+
+import org.jetbrains.annotations.ApiStatus;
--- a/platform/credential-store/src/linuxKWalletLibrary.kt
+++ b/platform/credential-store/src/linuxKWalletLibrary.kt
@@ -117,7 +117,7 @@ internal class KWalletCredentialStore private constructor(private val connection
 }

@DBusInterfaceName("org.kde.KWallet")
-interface KWallet : DBusInterface {
+private interface KWallet : DBusInterface {
  fun localWallet(): String?
  fun wallets(): List<String>
  fun users(wallet: String): List<String>
--- a/platform/credential-store/src/macOsKeychainLibrary.kt
+++ b/platform/credential-store/src/macOsKeychainLibrary.kt
@@ -9,7 +9,9 @@ import com.sun.jna.ptr.IntByReference
 import com.sun.jna.ptr.PointerByReference
 import it.unimi.dsi.fastutil.ints.Int2ObjectMap
 import it.unimi.dsi.fastutil.ints.Int2ObjectOpenHashMap
+import org.jetbrains.annotations.ApiStatus

+@get:ApiStatus.Internal
 val isMacOsCredentialStoreSupported: Boolean
  get() = SystemInfo.isMac

--- a/platform/credential-store/src/windows/WindowsCryptUtils.java
+++ b/platform/credential-store/src/windows/WindowsCryptUtils.java
@@ -5,11 +5,13 @@ import com.sun.jna.Memory;
 import com.sun.jna.platform.win32.Crypt32;
 import com.sun.jna.platform.win32.Kernel32;
 import com.sun.jna.platform.win32.WinCrypt;
+import org.jetbrains.annotations.ApiStatus;
 import org.jetbrains.annotations.NotNull;

 /**
 * Windows Utilities for the Password Safe
 */
+@ApiStatus.Internal
 public final class WindowsCryptUtils {
  private WindowsCryptUtils() { }