feat(secrets): Secrets Management Tool (Phase 1)#3245
Closed
zaycruz wants to merge 1 commit into
Adds a first-class secrets tool providing secure secret lifecycle management: list, check, request, delete, and inject.

- secrets(action='list'): Shows configured secret names (never values) and cross-references skills with requires_secrets frontmatter
- secrets(action='check'): Verifies which keys are configured/missing
- secrets(action='request'): Secure input via getpass (CLI) or gateway_secret_prompt (messaging platforms). Value never enters agent context or conversation history.
- secrets(action='delete'): Clears a secret from ~/.hermes/.env
- secrets(action='inject'): Registers keys for env_passthrough so the terminal tool includes them in the next subprocess call

Also supports requires_secrets field in SKILL.md frontmatter for automatic missing-secret detection on skill load.

Relates to NousResearch#410
zaycruz (author): Closing in favor of cleaned-up PR #3246 with minimal diff (525 lines vs 785 lines of reformatting noise).
Summary

Implements Phase 1 of #410 — a first-class secrets tool providing secure secret lifecycle management.

What's New

New tool: secrets (🔐)

- list: Shows configured secret names (never values) and cross-references skills with requires_secrets frontmatter
- check: Verifies which keys are configured/missing
- request: Secure input via getpass() (CLI) or gateway_secret_prompt (messaging). Value never enters agent context
- delete: Clears a secret from ~/.hermes/.env
- inject: Registers keys for env_passthrough so the terminal tool includes them in the next subprocess call

Key Security Properties

- request action uses getpass() for CLI input or returns a structured gateway_secret_prompt dict for DM-based platforms
- inject uses env_passthrough so only explicitly requested secrets reach subprocesses
- requires_secrets in SKILL.md frontmatter for automatic missing-secret detection

Files Changed

- tools/secrets_tool.py — New tool implementation (374 lines)
- model_tools.py — Added to tool discovery list
- toolsets.py — Added to _HERMES_CORE_TOOLS
- tests/tools/test_secrets_tool.py — 10 test cases covering all actions + edge cases

Test Results

Existing Protections Found

During investigation, I found the codebase already has significant hardening (Issue #363 appears resolved):

- file_tools.py already applies redact_sensitive_text() to read/search output
- tools/environments/local.py blocks 50+ secret env vars from subprocesses
- tools/skills_guard.py blocks cat ~/.hermes/.env, os.environ access, credential files
- tools/env_passthrough.py provides opt-in injection mechanism

This PR builds on top of those existing protections by adding the missing user-facing tool interface.

Phase 2 Roadmap

- env_keys parameter)

Relates to #410
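As an added illustration of the lifecycle the PR describes (example code written for this page, not the PR's tools/secrets_tool.py nor the project's env_passthrough or skills_guard modules), the following Python models the list, check, delete and inject actions against a .env file plus requires_secrets detection from SKILL.md frontmatter. The sample .env and SKILL.md contents are constructed placeholders, a temp directory stands in for ~/.hermes/.env, and every function name is an assumption. The request action is left out on purpose: its property is that the value is read by getpass() and never returned to the caller, so there is nothing to show beyond that call. The subprocess probe at the end is what makes the inject property checkable: the child can only see the key that was explicitly passed through.

```python
# Added example, not the PR's code: a minimal model of the secrets lifecycle
# described above. Function names, the temp .env path (standing in for
# ~/.hermes/.env) and the sample file contents are assumptions for illustration.
import os
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed sample .env (placeholder values, not real credentials)
SAMPLE_ENV = "OPENAI_API_KEY=sk-placeholder\nGITHUB_TOKEN=ghp-placeholder\n# comment\n\n"

# Constructed sample SKILL.md with a requires_secrets frontmatter list
SAMPLE_SKILL_MD = """---
name: deploy-helper
requires_secrets:
  - GITHUB_TOKEN
  - AWS_SECRET_ACCESS_KEY
---
# Deploy helper
"""

def parse_env(env_text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines; comments and blanks are skipped."""
    secrets = {}
    for line in env_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        secrets[key.strip()] = value.strip().strip('"').strip("'")
    return secrets

def list_secret_names(env_path: Path) -> list[str]:
    """'list' action: returns names only, so values never reach the agent."""
    if not env_path.exists():
        return []
    return sorted(parse_env(env_path.read_text()))

def parse_requires_secrets(skill_md: str) -> list[str]:
    """Read requires_secrets from frontmatter (simple '- NAME' list form only)."""
    m = re.match(r"^---\n(.*?)\n---", skill_md, re.S)
    if not m:
        return []
    names, collecting = [], False
    for ln in m.group(1).splitlines():
        if re.match(r"^requires_secrets\s*:", ln):
            collecting = True
            continue
        if collecting:
            item = re.match(r"^\s+-\s*(\S+)", ln)
            if item:
                names.append(item.group(1))
            elif ln and not ln[0].isspace():
                break  # reached the next top-level key
    return names

def check_secrets(env_path: Path, required: list[str]) -> dict[str, list[str]]:
    """'check' action: split required keys into configured vs missing."""
    configured = set(list_secret_names(env_path))
    return {"configured": [k for k in required if k in configured],
            "missing": [k for k in required if k not in configured]}

def delete_secret(env_path: Path, key: str) -> bool:
    """'delete' action: drop the KEY=... line; True if it was present."""
    if not env_path.exists():
        return False
    kept, removed = [], False
    for line in env_path.read_text().splitlines():
        if not line.lstrip().startswith("#") and line.partition("=")[0].strip() == key:
            removed = True
            continue
        kept.append(line)
    env_path.write_text("\n".join(kept) + "\n")
    return removed

def build_subprocess_env(env_path: Path, passthrough: set[str]) -> dict[str, str]:
    """'inject': only explicitly registered keys are added to the child env;
    any copies of .env keys inherited from the parent are stripped first."""
    secrets = parse_env(env_path.read_text()) if env_path.exists() else {}
    env = {k: v for k, v in os.environ.items() if k not in secrets}
    env.update({k: secrets[k] for k in passthrough if k in secrets})
    return env

def demo() -> dict:
    """Run the lifecycle end to end in a temp dir; returns results for checking."""
    with tempfile.TemporaryDirectory() as d:
        env_path = Path(d) / ".env"
        env_path.write_text(SAMPLE_ENV)
        required = parse_requires_secrets(SAMPLE_SKILL_MD)
        result = {"names": list_secret_names(env_path), "required": required,
                  "check": check_secrets(env_path, required)}
        # Spawn a real child and ask which of the two .env keys it can see
        probe = ("import os; print(sorted(k for k in os.environ "
                 "if k in ('OPENAI_API_KEY', 'GITHUB_TOKEN')))")
        child = subprocess.run([sys.executable, "-c", probe], capture_output=True,
                               text=True, env=build_subprocess_env(env_path, {"GITHUB_TOKEN"}))
        result["child_sees"] = child.stdout.strip()
        result["deleted"] = delete_secret(env_path, "GITHUB_TOKEN")
        result["names_after"] = list_secret_names(env_path)
    return result
```

Calling demo() performs the whole sequence: the list result carries names only, check flags AWS_SECRET_ACCESS_KEY as missing for the sample skill, the child process started with the injected environment reports only GITHUB_TOKEN, and delete removes that key from the file. Stripping any inherited copies of .env keys in build_subprocess_env mirrors the opt-in stance the PR describes: nothing reaches a subprocess unless it was explicitly requested.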