toolhive with Keyctl won't ask password again if first mistaken #3332

@jpambrun

Bug description

I have Keyctl enabled and working. I can list/get/set secrets. On reboot, on the first get, toolhive requests the keyctl password again. If I mistype, all following invocations will fail. The only workaround I could find is to reboot.

Steps to reproduce

❯ toolhive secret get github
5:18PM  INFO    Using keyring provider: Linux Keyctl
ToolHive needs a password to secure your credentials in the OS keyring.
This password will be used to encrypt and decrypt API tokens and other secrets
that need to be accessed by MCP servers. It will be securely stored in your OS keyring
so you won't need to enter it each time.
Please enter your keyring password:
5:18PM  INFO    writing password to Linux Keyctl
Error: failed to create secrets manager: failed to create secrets manager: unable to decrypt secrets file: cipher: message authentication failed

~
❯ toolhive secret get github
5:18PM  INFO    Using keyring provider: Linux Keyctl
Error: failed to create secrets manager: failed to create secrets manager: unable to decrypt secrets file: cipher: message authentication failed

Expected behavior

I expect to have a second chance at typing my password.

Actual behavior

I can't retry before rebooting.

Environment (if relevant)

  • OS/version: Linux under WSL
  • ToolHive version: v0.7.1 73d4f26

Additional context

Any additional information or logs you think might help.
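
Added example, not part of the original report and not ToolHive's code: the session above logs "writing password to Linux Keyctl" before the decryption that would verify the password, and the second run fails without prompting. The Go program below caches a password only after AES-GCM decryption succeeds and evicts a cached one that fails. The names `Unlock`, `Open` and `aead`, the map standing in for the keyring, and the SHA-256 key derivation are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func aead(pw string) cipher.AEAD {
	key := sha256.Sum256([]byte(pw)) // simplification: real code needs a password KDF
	block, _ := aes.NewCipher(key[:]) // a 32-byte key cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Open expects nonce || ciphertext and fails when the GCM tag does not verify.
func Open(pw string, blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("secrets blob too short")
	}
	return aead(pw).Open(nil, blob[:12], blob[12:], nil)
}

// Unlock tries a cached password first, then prompts at most maxTries times.
// The cache (a map standing in for the kernel keyring) is an assumption.
func Unlock(cache map[string]string, prompt func() string, blob []byte, maxTries int) ([]byte, error) {
	pw, cached := cache["pw"]
	for tries := 0; cached || tries < maxTries; cached = false {
		if !cached { // nothing cached, or it was just evicted: ask the user
			pw, tries = prompt(), tries+1
		}
		if plain, err := Open(pw, blob); err == nil {
			cache["pw"] = pw // written only after the GCM tag verified
			return plain, nil
		}
		delete(cache, "pw") // a wrong entry must not survive to the next run
	}
	return nil, fmt.Errorf("password rejected after %d prompts; nothing cached", maxTries)
}

func main() {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	blob := aead("right").Seal(nonce, nonce, []byte("constructed-token"), nil)
	cache := map[string]string{"pw": "mistyped"} // constructed: state after the typo
	plain, err := Unlock(cache, func() string { return "right" }, blob, 3)
	fmt.Println(string(plain), err, cache["pw"])
}
```

Bounding the prompts with `maxTries` keeps the retry path from becoming an unlimited local guessing loop.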

Labels

authentication; bug (Something isn't working); cli (Changes that impact CLI functionality)
