Extension headers are stored in plaintext in config file

[dianed-square]

Describe the bug

Headers for streamable_http extensions are stored in plaintext in the config.yaml file instead of being securely stored, e.g. in the system keychain. Some headers contain sensitive credentials (e.g., Personal Access Tokens, API keys).

To Reproduce
Steps to reproduce the behavior:

1. Install a third-party extension (e.g., GitHub MCP extension) with authentication headers
2. Add an Authorization header with a PAT: Authorization: Bearer github_pat_xxxxx
3. Save the extension configuration
4. Open ~/.config/goose/config.yaml
5. Observe the PAT is stored in plaintext

Expected behavior

Header values should be stored securely, similar to how environment variables are handled.

Screenshots

Example from config.yaml showing plaintext token:

extensions:
  github:
    headers:
      Authorization: Bearer github_pat_11ARRU44Y0Cf5xSzEaM83L_[REDACTED]

**Please provide following information:**
 - **OS & Arch:** macOS
 - **Interface:** UI
 - **Version:** v1.12.1
 - **Extensions enabled:** Developer. Todo, Extension Manager, GitHub
 - **Provider & Model:** n/a

**Additional context**

Could address issue #4307's security concerns by using automatic keychain storage

[DOsinga]

this is true, but I am not sure what to do about it. storing all the headers in the keychain makes it hard to maintain these things by hand.

[dianed-square]

There seems to be good support for editing env vars in the UI

[DOsinga]

would this work as a solution: #5439

[dianed-square]

I think that would address the security concern but with caveats that it would complicate configuration and also seems like a non-standard (?) approach. We could try to clearly document the setup though.

[DOsinga]

#5439 is now merged. What do you mean with a non standard approach? storing secrets in environment variables and substituting seems like a pretty good path to me. if we store everything the user enters in the keychain rather than in the yaml, you can't edit anything directly. tokens and secrets for extensions could really be anywhere, not just the headers, even in the command

[dianed-square]

Non standard in terms of needing to provide an env var for a header during setup?