Skip to content

Add built-in pattern detection for secret redaction in compiled logs #11175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pelikhan merged 7 commits into from
Jan 22, 2026
Merged

Add built-in pattern detection for secret redaction in compiled logs #11175

pelikhan merged 7 commits into from
Jan 22, 2026

Conversation

Copy link
Contributor

Copilot AI commented Jan 22, 2026
edited by agentic-workflows-dev bot
Loading

Add extensive tests for secret redaction with built-in patterns

Completed:

  • Explore repository structure and understand redact_secrets.cjs
  • Review existing test infrastructure
  • Verify current tests pass
  • Add built-in pattern detection for common credential types
    • GitHub tokens (ghp_, ghs_, gho_, ghu_, github_pat_, ghr_)
    • Azure tokens (Storage keys, SAS tokens)
    • Google tokens (AIzaSy, ya29. patterns)
    • AWS tokens (AKIA pattern)
    • OpenAI tokens (sk-, sk-proj- patterns)
    • Anthropic tokens (sk-ant-api03- pattern)
  • Update main() to always scan for built-in patterns
  • Export functions for testing
  • Extend redact_secrets.test.cjs with comprehensive tests (33 total tests)
    • Test built-in GitHub token patterns (6 tests)
    • Test built-in Azure token patterns (2 tests)
    • Test built-in Google token patterns (2 tests)
    • Test built-in AWS token patterns (1 test)
    • Test built-in OpenAI token patterns (2 tests)
    • Test built-in Anthropic token patterns (1 test)
    • Test combination of built-in and custom secrets (2 tests)
    • Test edge cases (7 tests)
  • Run tests and validate changes (all 33 tests pass)
  • Format and lint JavaScript code
  • Merge main branch
  • Recompile workflows

Summary:

Successfully added built-in pattern detection to redact_secrets.cjs to automatically redact common credential types (GitHub, Azure, Google, AWS, OpenAI, Anthropic tokens) without requiring them to be explicitly listed in environment variables. Added 24 new comprehensive tests covering all patterns, combinations, and edge cases. All tests pass successfully. Merged latest changes from main and recompiled all workflows.

Original prompt

Add extensive tests for the JavaScript that redacts secrets in compiled log files. Use built-in patterns for common credentials such as GitHub tokens, Azure tokens, and Google tokens, and ensure it also redacts any additional provided secrets.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Changeset

  • Type: patch
  • Description: Add built-in secret pattern detection to redact_secrets.cjs and comprehensive tests covering GitHub, Azure, Google, AWS, OpenAI, and Anthropic token patterns; includes tests for combinations with custom secrets.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

Copilot AI and others added 3 commits January 22, 2026 04:32
@pelikhan
Initial exploration - understanding redact_secrets functionality
c9219c6 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Add built-in pattern detection for secret redaction
db20838 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Add comprehensive tests for secret redaction with built-in patterns
c2b1739 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add tests for redacting secrets in compiled log files Add built-in pattern detection for secret redaction in compiled logs Jan 22, 2026
Copilot AI requested a review from pelikhan January 22, 2026 04:55
pelikhan
pelikhan reviewed Jan 22, 2026
View reviewed changes
actions/setup/js/redact_secrets.cjs
{ name: "Google OAuth Access Token", pattern: /ya29\.[0-9A-Za-z_-]+/g },

// AWS tokens
{ name: "AWS Access Key ID", pattern: /AKIA[0-9A-Z]{16}/g },
Copy link
Contributor

@pelikhan pelikhan Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot add OpenAI patterns, Anthropic patterns

Copy link
Contributor Author

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added OpenAI and Anthropic patterns in commit 9305944:

  • OpenAI API Key: sk-[a-zA-Z0-9]{48}
  • OpenAI Project API Key: sk-proj-[a-zA-Z0-9]{48,64}
  • Anthropic API Key: sk-ant-api03-[a-zA-Z0-9_-]{95}

Added 3 comprehensive tests covering all patterns. All 33 tests pass.

@pelikhan
Copy link
Contributor

pelikhan commented Jan 22, 2026

@copilot merge main, recompile

@pelikhan
Add OpenAI and Anthropic API key patterns to secret redaction
9305944 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI requested a review from pelikhan January 22, 2026 05:20
@pelikhan
Copy link
Contributor

pelikhan commented Jan 22, 2026

@copilot, merge main and recompile.

Copy link
Contributor Author

Copilot AI commented Jan 22, 2026

@copilot merge main, recompile

Merged main and recompiled in commit 6983e7b. All 33 tests pass successfully.

@pelikhan pelikhan added the smoke label Jan 22, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Jan 22, 2026
edited
Loading

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions
Copy link
Contributor

github-actions bot commented Jan 22, 2026
edited
Loading

🎬 THE ENDSmoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions
Copy link
Contributor

github-actions bot commented Jan 22, 2026
edited
Loading

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions
Copy link
Contributor

github-actions bot commented Jan 22, 2026
edited by agentic-workflows-dev bot
Loading

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

@github-actions github-actions bot mentioned this pull request Jan 22, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Jan 22, 2026

Smoke Test: Claude - PASS

Last 2 Merged PRs:

Tests: ✅ GitHub MCP | ✅ Serena MCP | ✅ Playwright | ✅ Tavily | ✅ File I/O | ✅ Bash

Status: PASS

AI generated by Smoke Claude

@github-actions github-actions bot mentioned this pull request Jan 22, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Jan 22, 2026

Smoke Test Results

✅ GitHub MCP
✅ Serena MCP
✅ Playwright
✅ File Writing
✅ Bash Tool

Status: ✅ PASS

@pelikhan

AI generated by Smoke Copilot

@github-actions
Copy link
Contributor

github-actions bot commented Jan 22, 2026

GitHub MCP: ✅ style: improve markdown formatting in safe outputs messages | chore: recompile workflows after safe outputs handler changes
Serena MCP activate: ✅
Playwright github.com title: ✅
Tavily search: ✅
File write+cat: ✅
Overall: PASS

AI generated by Smoke Codex

@pelikhan pelikhan marked this pull request as ready for review January 22, 2026 05:35
@pelikhan pelikhan merged commit 7758ad3 into main Jan 22, 2026
83 checks passed
@pelikhan pelikhan deleted the copilot/add-extensive-redaction-tests branch January 22, 2026 05:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

smoke smoke-claude smoke-codex smoke-copilot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan