Bug
When security.redact_secrets is enabled, Hermes redacts secret-looking values not just in UI output but before passing them to tools (e.g. the terminal tool). This breaks workflows where Hermes retrieves a secret from Bitwarden CLI and passes it directly to a script or environment variable.
Expected behaviour
security.redact_secrets should only redact values in the displayed response — what the user sees in the TUI, WhatsApp, etc. The actual value should be passed through unmodified when used internally (tool calls, env vars, script arguments).
Actual behaviour
Hermes retrieves a secret from Bitwarden (e.g. an API key stored as a plain text field, type 0), but the redacted display value (AIzaSy...TcVk) is what gets passed to terminal commands, making the secret unusable.
Workaround
hermes config set security.redact_secrets false — but this removes all redaction protection.
Steps to reproduce
- Store an API key in Bitwarden as a custom field (type 0 / plain text)
- Enable security.redact_secrets (default)
- Ask Hermes to retrieve the key from Bitwarden and pass it to a script
- The script receives the truncated/redacted string instead of the real value
Impact
Makes Bitwarden-based secret management (the recommended alternative to .env files) non-functional when redaction is enabled. Users are forced to disable redaction entirely to use secrets in automations.
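The difference between the actual and expected behaviour reported above, as an added example that is not part of the original issue and is not Hermes code. The detection pattern, the function names and the sample key are assumptions constructed for illustration; a child Python process stands in for the terminal tool.

```python
import os
import re
import subprocess
import sys

# Constructed sample key (not a real credential), shaped to mask to the value in the report.
SAMPLE_KEY = "AIzaSy" + "A" * 29 + "TcVk"

# Assumed pattern for illustration; Hermes's real detection rules are not shown in the report.
SECRET_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")


def redact(text: str) -> str:
    """Mask secret-looking values as first6...last4, the shape shown in the report."""
    return SECRET_RE.sub(lambda m: f"{m.group(0)[:6]}...{m.group(0)[-4:]}", text)


def run_tool(api_key: str) -> str:
    """Stand-in for the terminal tool: a child process echoes the env var it received."""
    child = "import os; print(os.environ['API_KEY'])"
    env = {**os.environ, "API_KEY": api_key}
    out = subprocess.run([sys.executable, "-c", child], env=env,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


def buggy_pipeline(secret: str) -> tuple[str, str]:
    """Redaction runs before the tool call, so the tool receives the masked string."""
    value = redact(secret)
    received = run_tool(value)
    return received, redact(f"Key passed to script: {value}")


def fixed_pipeline(secret: str) -> tuple[str, str]:
    """Raw value reaches the tool; redaction runs only on text rendered to the user."""
    received = run_tool(secret)
    return received, redact(f"Key passed to script: {secret}")


if __name__ == "__main__":
    for name, fn in (("buggy", buggy_pipeline), ("fixed", fixed_pipeline)):
        received, shown = fn(SAMPLE_KEY)
        print(f"{name}: tool got real key={received == SAMPLE_KEY}; display={shown!r}")
```

Both pipelines show the same masked text to the user; only the fixed one hands the child process a usable key.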