Expand secret redaction patterns #311

@bug-ops

Context

Security audit (2026-02-15) reviewed zeph-core/src/redact.rs and suggests adding additional API key prefixes to the redaction patterns.

Severity

Informational — current patterns cover major providers.

Suggested additions

const SECRET_PREFIXES: &[&str] = &[
    // ... existing patterns
    "AIza",          // Google API keys
    "ya29.",         // Google OAuth tokens
    "glpat-",        // GitLab PAT
];

Acceptance criteria

  • New prefixes added to SECRET_PREFIXES
  • Tests verify redaction of new patterns
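One way the acceptance criteria could be exercised, as an added example that is not zeph-core's `redact.rs`: only the three prefixes come from the issue, while `redact`, `is_token_char`, `MIN_BODY_LEN`, `MASK`, the token character set and every sample string are assumptions constructed here. It deliberately skips a word-boundary check, preferring over-redaction to a missed key, and uses a minimum body length so that prose mentioning a bare prefix is left alone.

```rust
// Added example: hypothetical prefix-based redactor, not the project's implementation.
const SECRET_PREFIXES: &[&str] = &["AIza", "ya29.", "glpat-"]; // prefixes from the issue
const MIN_BODY_LEN: usize = 8; // assumption: a shorter tail is prose, not a credential
const MASK: &str = "[REDACTED]"; // assumption: replacement marker

/// Characters allowed inside a token (assumed: base64url alphabet plus '.').
fn is_token_char(c: char) -> bool {
    c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.')
}

/// Replace every prefix-led token in `input` with MASK, wherever it appears.
fn redact(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    let mut rest = input;
    while let Some(c) = rest.chars().next() {
        if let Some(prefix) = SECRET_PREFIXES.iter().find(|p| rest.starts_with(**p)) {
            // Token chars are ASCII, so the char count equals the byte length.
            let body_len = rest[prefix.len()..]
                .chars()
                .take_while(|c| is_token_char(*c))
                .count();
            if body_len >= MIN_BODY_LEN {
                out.push_str(MASK);
                rest = &rest[prefix.len() + body_len..];
                continue;
            }
        }
        out.push(c);
        rest = &rest[c.len_utf8()..];
    }
    out
}

fn main() {
    // Constructed sample log lines; the key material is made up.
    for line in [
        "GET /maps?key=AIzaSyEXAMPLEexample0123456789 200",
        "Authorization: Bearer ya29.a0EXAMPLE_constructed-token",
        "git clone https://oauth2:glpat-EXAMPLE0123456789@gitlab.example/x.git",
    ] {
        println!("{}", redact(line));
    }
}
```

Because `.` is in the assumed token alphabet (Google OAuth tokens contain dots), a sentence-ending period directly after a key is masked along with it.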
