Skip to content

fix(security): enable secret redaction by default#18596

Closed
liuhao1024 wants to merge 1 commit into
NousResearch:mainfrom
liuhao1024:fix/issue-17691-redact-secrets-default-on
Closed

fix(security): enable secret redaction by default#18596
liuhao1024 wants to merge 1 commit into
NousResearch:mainfrom
liuhao1024:fix/issue-17691-redact-secrets-default-on

Conversation

@liuhao1024

@liuhao1024 liuhao1024 commented May 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

What does this PR do?

Change HERMES_REDACT_SECRETS default from OFF to ON to prevent accidental credential leaks in gateway chat output and session logs.

Problem: In a vanilla Hermes deployment, HERMES_REDACT_SECRETS is OFF by default. When users converse through the gateway (Telegram, Discord), the agent routinely echoes back live API key values in chat responses and writes them verbatim into session JSON files. A production audit found 24 distinct credentials leaked across 345 session files.

Fix: Change the default in two locations:

  • agent/redact.py: os.getenv("HERMES_REDACT_SECRETS", "true") instead of ""
  • hermes_cli/config.py: "redact_secrets": True instead of False

Backward compatibility: Users who need unredacted output can opt out via:

  • security.redact_secrets: false in config.yaml
  • HERMES_REDACT_SECRETS=false in ~/.hermes/.env

Related Issue

N/A

Type of Change

  • 🐛 Bug fix (non-breaking change that fixes an issue)

Changes Made

  • See commit messages for detailed changes

How to Test

  1. Run pytest tests/ -q — all tests should pass
  2. Verify the specific scenario described above is resolved

Checklist

Code

  • I've read the Contributing Guide
  • My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
  • I searched for existing PRs to make sure this isn't a duplicate
  • My PR contains only changes related to this fix/feature (no unrelated commits)
  • I've run pytest tests/ -q and all tests pass
  • I've added tests for my changes (required for bug fixes, strongly encouraged for features)
  • I've tested on my platform: macOS 26.4.1

Documentation & Housekeeping

  • I've updated relevant documentation (README, docs/, docstrings) — or N/A
  • I've updated cli-config.yaml.example if I added/changed config keys — or N/A
  • I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture and workflows — or N/A
  • I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A

@liuhao1024
fix(security): enable secret redaction by default
c8d5a3a 
Change HERMES_REDACT_SECRETS default from OFF to ON to prevent
accidental credential leaks in gateway chat output and session logs.

Without this fix, a vanilla Hermes deployment echoes back live API key
values in Telegram/Discord chat and writes them verbatim into session
JSON files. Users who need unredacted output can opt out via
security.redact_secrets: false in config.yaml.

Closes NousResearch#17691
@alt-glitch alt-glitch added type/security Security vulnerability or hardening P1 High — major feature broken, no workaround comp/agent Core agent loop, run_agent.py, prompt builder area/config Config system, migrations, profiles labels May 2, 2026
Cyrene963 pushed a commit to Cyrene963/hermes-agent that referenced this pull request May 3, 2026
Apply 14 community PRs + fix session_search ordering
a6e0ad9 
Community PRs applied:
- NousResearch#18596: Enable secret redaction by default (SECURITY)
- NousResearch#18650: Sanitize malformed tool messages + auto-recover on API 400
- NousResearch#18607: Emergency compression before max_iterations exhaustion
- NousResearch#18603: Compression fallback to main model on 413 rate limit
- NousResearch#18638: Pass threshold_percent on model switch
- NousResearch#18663: Strip extra_content from tool_calls for strict APIs
- NousResearch#18618: Forward explicit_api_key to OpenRouter
- NousResearch#18632: Show cache tokens in /insights breakdown
- NousResearch#18614: Add idempotency guard for patch duplicate loops
- NousResearch#18600: Raise ValueError when HERMES_HOME unset in profile mode
- NousResearch#18616: Allow ZWJ emoji in context files
- NousResearch#18582: Reload .env on /restart
- NousResearch#18547: Stabilize system prompt prefix for KV cache reuse
- NousResearch#18692: Strip FTS5 operators from session search truncation terms

Fix: Add order_by_last_active=True to list_sessions_rich call
(pre-existing commit 142b4bf code sync)
@liuhao1024 liuhao1024 mentioned this pull request May 4, 2026
Closed
@teknium1

teknium1 commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

This looks implemented on current main already via #21193. This is an automated hermes-sweeper review.

Evidence:

  • agent/redact.py:67 now defaults HERMES_REDACT_SECRETS to "true", so the redactor is ON unless explicitly disabled.
  • hermes_cli/config.py:1993 now sets security.redact_secrets to True in the default config.
  • agent/chat_completion_helpers.py:874 redacts assistant content before it reaches state.db, session_*.json, gateway delivery, or compression.
  • The mainline implementation commit is fb1ce793e6ad4751c4fa5b53bab217bc04a9d28b (feat(security): enable secret redaction by default (#17691, #20785) (#21193)), included in v2026.5.7.

@teknium1 teknium1 closed this Jun 10, 2026
@teknium1 teknium1 added the sweeper:implemented-on-main Sweeper: behavior already present on current main label Jun 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/config Config system, migrations, profiles comp/agent Core agent loop, run_agent.py, prompt builder P1 High — major feature broken, no workaround sweeper:implemented-on-main Sweeper: behavior already present on current main type/security Security vulnerability or hardening

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@liuhao1024 @teknium1 @alt-glitch