# Credential resolution Credential resolution is the **caller's** responsibility. `initialise_table_benchling` takes a fully-constructed `BenchlingContext` via `ctx=`, so this package never sees `client_id` / `client_secret` directly — it only uses `ctx` to authenticate and pull schemas. Authentication is delegated entirely to `mgtx-benchling-wrapper`. How you load credentials (env vars, `config.yaml`, a keystore) is up to your deployment — store them as plaintext for the wrapper to consume. ## Basic shape ```python from mgtx_benchling_wrapper.context.benchling_context import BenchlingContext from xlwings_package import initialise_table_benchling # Resolve your client_secret however you like — plaintext from env, # config.yaml, or a keystore — then build the ctx and call the function. client_secret = my_resolve_secret(...) # your code ctx = BenchlingContext( client_id="your-oauth2-app-client-id", client_secret=client_secret, base_url="https://yourorg.benchling.com", token_url="https://yourorg.benchling.com/api/v2/token", ) initialise_table_benchling(wb, {"Assay Results": ["assaysch_abc123"]}, ctx=ctx) ``` ## Loading from `config.yaml` The OAuth2 fields follow the layout documented by `mgtx-benchling-wrapper`. Copy `config.yaml.example` at the repo root to `config.yaml` (gitignored) and fill it in with plaintext values. A typical loader: ```python import yaml from mgtx_benchling_wrapper.context.benchling_context import BenchlingContext with open("config.yaml") as f: creds = yaml.safe_load(f)["BenchlingCredentials"] ctx = BenchlingContext(**creds) ``` ## What the package does NOT do - **It does no credential resolution.** It ships no config loader and no encryption/decryption — that all lives in `mgtx-benchling-wrapper` and your own deployment glue. - **It never reads plaintext from disk.** The `ctx` you pass is the only contact point. - **It never logs `client_secret`.** Authentication is delegated to `mgtx-benchling-wrapper`; this package only touches the context after it has been constructed.