[micro-fix] fix(security): H-03 — Remove encryption key from log output #5590

Open
shibinsp wants to merge 1 commit into aden-hive:main from shibinsp:fix/h03-encryption-key-logging


shibinsp commented Mar 1, 2026

Fixes #5559

Summary

Removes encryption key material from debug log output in the credential storage system.

Severity: 🟠 High — Encryption keys in logs compromise all stored credentials.

Changes

  • Replaced key logging with safe non-sensitive log message

Files Changed

  • framework/credential_storage.py — +2/-2 lines

Test Plan

  • All 4 tests passing on fix branch

Note: Using micro-fix bypass. Please assign me to the linked issue.

The auto-generated Fernet encryption key was previously logged
in the warning message, exposing it in log files, CI output,
and error aggregators.

Replace the key value in the log message with a generic
instruction to use a key management system.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
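
A regression check for this class of bug, as an added example that is not code from this pull request or from the project: it captures what a key-initialisation routine logs and reports whether the generated key appears in it, and it adds a redacting log filter as a second layer that the PR itself does not include. All function names and log wording are hypothetical, and `generate_key` is a constructed standard-library stand-in that produces a key in Fernet's format (32 random bytes, URL-safe base64).

```python
import base64
import io
import logging
import os
import re

# 32 random bytes in URL-safe base64 is 43 alphabet characters plus one "=".
FERNET_KEY_RE = re.compile(r"[A-Za-z0-9_-]{43}=")


class RedactKeys(logging.Filter):
    """Defense in depth: scrub Fernet-shaped tokens from every record."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = FERNET_KEY_RE.sub("[REDACTED]", record.getMessage())
        record.args = ()
        return True


def generate_key() -> bytes:
    """Constructed stand-in producing a key in Fernet's format."""
    return base64.urlsafe_b64encode(os.urandom(32))


def init_key_leaky(log: logging.Logger) -> bytes:
    """'Before' pattern: the generated key is interpolated into the warning."""
    key = generate_key()
    log.warning("No key configured; generated key: %s", key.decode())
    return key


def init_key_safe(log: logging.Logger) -> bytes:
    """'After' pattern: the warning carries an instruction, not the key."""
    key = generate_key()
    log.warning("No key configured; generated a temporary key. "
                "Provision one from a key management system.")
    return key


def key_in_logs(init_fn, redact: bool = False) -> bool:
    """Capture what init_fn logs and report whether the key appears in it."""
    log = logging.getLogger(f"leakcheck.{init_fn.__name__}.{redact}")
    log.propagate = False  # keep captured output away from the root handlers
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    if redact:
        handler.addFilter(RedactKeys())
    log.addHandler(handler)
    try:
        key = init_fn(log)
    finally:
        log.removeHandler(handler)
    return key.decode() in stream.getvalue()
```

The filter only covers handlers it is attached to, so removing the key from the message at the call site remains the primary fix.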

Development

Successfully merging this pull request may close these issues.

[Security] H-03: Encryption key logged in cleartext (High)
