From 7641cc289c7fa0de65283c0b9101669bb7a27437 Mon Sep 17 00:00:00 2001
From: secustor <sebastian@poxhofer.at>
Date: Tue, 10 Mar 2026 07:37:29 +0100
Subject: [PATCH 1/2] docs(auth export): documment --unmasked flag

---
 src/auth_commands.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/auth_commands.rs b/src/auth_commands.rs
index 70743b25..a5407afd 100644
--- a/src/auth_commands.rs
+++ b/src/auth_commands.rs
@@ -144,6 +144,7 @@ pub async fn handle_auth_command(args: &[String]) -> Result<(), GwsError> {
         "           --login          Run `gws auth login` after successful setup\n",
         "  status   Show current authentication state\n",
         "  export   Print decrypted credentials to stdout\n",
+        "           --unmasked       Print full credentials including secrets (default: masked)\n",
         "  logout   Clear saved credentials and token cache",
     );
 
@@ -397,6 +398,7 @@ async fn fetch_userinfo_email(access_token: &str) -> Option<String> {
         .map(|s| s.to_string())
 }
 
+/// Export credentials to stdout 
 async fn handle_export(unmasked: bool) -> Result<(), GwsError> {
     let enc_path = credential_store::encrypted_credentials_path();
     if !enc_path.exists() {

From eefbe5218c0b6b8b49197d69c0775d85c62968e7 Mon Sep 17 00:00:00 2001
From: secustor <sebastian@poxhofer.at>
Date: Tue, 10 Mar 2026 07:44:42 +0100
Subject: [PATCH 2/2] chore: add changeset and format code

---
 .changeset/tame-rabbits-yawn.md | 5 +++++
 src/auth_commands.rs            | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/tame-rabbits-yawn.md

diff --git a/.changeset/tame-rabbits-yawn.md b/.changeset/tame-rabbits-yawn.md
new file mode 100644
index 00000000..230a0ce5
--- /dev/null
+++ b/.changeset/tame-rabbits-yawn.md
@@ -0,0 +1,5 @@
+---
+"@googleworkspace/cli": patch
+---
+
+Document `unmasked` flag for `gws auth export`
diff --git a/src/auth_commands.rs b/src/auth_commands.rs
index a5407afd..ca7cd7ab 100644
--- a/src/auth_commands.rs
+++ b/src/auth_commands.rs
@@ -398,7 +398,7 @@ async fn fetch_userinfo_email(access_token: &str) -> Option<String> {
         .map(|s| s.to_string())
 }
 
-/// Export credentials to stdout 
+/// Export credentials to stdout
 async fn handle_export(unmasked: bool) -> Result<(), GwsError> {
     let enc_path = credential_store::encrypted_credentials_path();
     if !enc_path.exists() {