[Security] Broaden audit/config secret redaction key matching #236

Closed
opened 2026-07-11 11:39:42 +02:00 by zemion · 2 comments
Owner

Audit/config redaction catches common exact keys, but exact matching can miss compound names introduced by newer connectors, such as bearer_token or client_secret.

Code paths: src/govoplan_core/audit/logging.py:29, src/govoplan_core/core/configuration_control.py:379, src/govoplan_core/core/configuration_safety.py:413.

Acceptance: redaction and plain-secret detection normalize separators and match sensitive tokens in compound names, and tests cover bearer_token, client_secret, refreshToken, api-key, and existing exact keys.

Audit/config redaction catches common exact keys, but exact matching can miss compound names introduced by newer connectors, such as `bearer_token` or `client_secret`. Code paths: `src/govoplan_core/audit/logging.py:29`, `src/govoplan_core/core/configuration_control.py:379`, `src/govoplan_core/core/configuration_safety.py:413`. Acceptance: redaction and plain-secret detection normalize separators and match sensitive tokens in compound names, and tests cover `bearer_token`, `client_secret`, `refreshToken`, `api-key`, and existing exact keys. <!-- codex-audit-2026-07-11:secret-redaction -->
Author
Owner

Codex state update: implemented locally in /mnt/DATA/git/govoplan-core.

Summary:

  • Added shared structured secret redaction for audit details and configuration control output.
  • Compound/camel/kebab keys such as bearer_token, clientSecret, and api-key are now treated as sensitive.
  • Configuration safety now rejects plain nested secret values while still allowing secret-reference fields.

Verification:

  • python -m unittest tests.test_core_events tests.test_policy_contracts
  • python -m py_compile for touched core modules

Left open until the local code is reviewed/committed/pushed.

Codex state update: implemented locally in `/mnt/DATA/git/govoplan-core`. Summary: - Added shared structured secret redaction for audit details and configuration control output. - Compound/camel/kebab keys such as `bearer_token`, `clientSecret`, and `api-key` are now treated as sensitive. - Configuration safety now rejects plain nested secret values while still allowing secret-reference fields. Verification: - `python -m unittest tests.test_core_events tests.test_policy_contracts` - `python -m py_compile` for touched core modules Left open until the local code is reviewed/committed/pushed.
Author
Owner

Closing per user request; this issue is covered by the local changes ready to push.

Fixed locally: audit/config redaction detects compound secret keys and configuration safety rejects nested plain secrets.

Closing per user request; this issue is covered by the local changes ready to push. Fixed locally: audit/config redaction detects compound secret keys and configuration safety rejects nested plain secrets.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-core#236
No description provided.