CLI flags containing credentials (--api-key, --api-password) are visible in process listings. Use environment variables instead:
Used for authenticated API access to private wikis. Applies globally across analyze, claim, export, and cron:
| CLI flag | Environment variable |
|---|---|
--api-key |
REFRACT_MEDIAWIKI_API_KEY |
--api-user |
REFRACT_MEDIAWIKI_API_USER |
--api-password |
REFRACT_MEDIAWIKI_API_PASSWORD |
Used only for refract classify to call an LLM at a BYO-inference boundary:
| CLI flag | Environment variable |
|---|---|
--api-key |
REFRACT_INFERENCE_API_KEY |
--endpoint |
REFRACT_INFERENCE_ENDPOINT |
--model |
REFRACT_INFERENCE_MODEL |
When using --cache, revision content is persisted to ~/.wikihistory/refract.db (SQLite). This file contains full wikitext from every revision fetched. On shared machines, set --cache-dir to an encrypted volume.
Refract makes outbound HTTPS requests to the configured MediaWiki API. Authentication tokens are sent as Authorization or x-api-key headers. All traffic is encrypted in transit.
Bundled evidence files (--bundle) are signed but not encrypted — they contain plaintext event data with a SHA-256 hash for integrity verification.
Cached revision data persists indefinitely in ~/.wikihistory/refract.db. Clear it manually:
rm -rf ~/.wikihistory/There is no automatic data retention policy. The cache only contains data you explicitly fetched.