Problem

Currently, users must manage API keys through environment variables or hardcode them in config.json, which is cumbersome and can be insecure.

Proposed Solution

Add a new ccr config command that provides secure storage for API keys, following the same conventions as SSH, AWS CLI, npm, and Docker.

Features

• Store API keys securely in ~/.claude-code-router/keys with 0600 permissions
• Simple commands: ccr config set/get/list/delete <provider>
• Keys take precedence over environment variables
• Backward compatible - env vars still work as fallback
• Easy migration path from environment variables

Implementation

PR incoming with a clean abstraction that supports multiple storage backends. Initial implementation uses file-based storage with Unix permissions. Future enhancement can add OS keychain support.

Example Usage

# Store an API key
ccr config set cerebras

# Migrate from environment variable
echo $CEREBRAS_API_KEY | ccr config set cerebras

# List configured providers
ccr config list