Bug
gbrain config set openai_api_key sk-... confirms by printing the full key in plaintext to stderr:
Set openai_api_key = sk-svcacct-MGoTY7Gw3zMRXJb7n_7Y...full-key-visible...
The same applies to any sensitive key set via gbrain config set.
Why this matters
- Keys end up in shell history (if user ran the command directly)
- Keys end up in CI logs / agent transcripts (if a tool wrapper called it)
- Keys end up in tmux/screen scrollback
- Keys end up in any log capture that sucks in stderr
In my session, an AI agent helping the user set up gbrain leaked their full OpenAI service-account key to the conversation transcript via this confirmation message. The user now has to rotate the key.
Suggested fix
Redact the value in confirmation output. Mask all but first 8 + last 4 chars, or just print Set openai_api_key = <REDACTED>. Same treatment for any key whose key-name matches *_api_key, *_token, *_secret, *password*, *pat*.
For comparison: claude mcp add and the gstack gstack-gbrain-supabase-provision helper both correctly redact their secret args.
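As an added illustration of the suggested fix (example code, not gbrain's own implementation), the following Python sketch matches config key names against the glob list from this report, masks matching values to their first 8 and last 4 characters, and falls back to a full <REDACTED> when a value is too short for partial masking to hide anything meaningful. The function names, the "at least as many hidden characters as shown" rule for short values, and the sample key values are assumptions made for this example.

```python
import fnmatch
import sys

# Glob patterns for config keys whose values are secrets (the list from this report).
SENSITIVE_KEY_PATTERNS = ("*_api_key", "*_token", "*_secret", "*password*", "*pat*")

# How much of a masked value remains visible (first 8 + last 4, as suggested above).
KEEP_PREFIX = 8
KEEP_SUFFIX = 4


def is_sensitive_key(name: str) -> bool:
    """True if the config key name matches any secret-naming glob (case-insensitive)."""
    lowered = name.lower()
    return any(fnmatch.fnmatchcase(lowered, pat) for pat in SENSITIVE_KEY_PATTERNS)


def mask_secret(value: str) -> str:
    """Keep first 8 and last 4 chars; fully redact values too short to mask safely.

    Assumed policy: partial masking is only used when at least as many characters
    are hidden as are shown, so a short secret is never mostly revealed.
    """
    hidden = len(value) - KEEP_PREFIX - KEEP_SUFFIX
    if hidden < KEEP_PREFIX + KEEP_SUFFIX:
        return "<REDACTED>"
    return value[:KEEP_PREFIX] + "*" * hidden + value[-KEEP_SUFFIX:]


def confirmation_message(name: str, value: str) -> str:
    """Build the 'Set <key> = <value>' confirmation line with secret values masked."""
    shown = mask_secret(value) if is_sensitive_key(name) else value
    return f"Set {name} = {shown}"


if __name__ == "__main__":
    # Constructed sample inputs; the confirmation goes to stderr like the original message.
    for key, val in [
        ("openai_api_key", "sk-test-1234567890abcdef"),  # partially masked
        ("github_token", "short"),                       # too short: fully redacted
        ("model", "gpt-4"),                              # not sensitive: printed as-is
    ]:
        print(confirmation_message(key, val), file=sys.stderr)
```

Note that the `*pat*` glob from the report also matches names such as `output_path`; that errs toward redacting a non-secret, which is the safer failure mode for a confirmation message.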
Repro
gbrain config set openai_api_key sk-test-1234567890abcdef
# Outputs: Set openai_api_key = sk-test-1234567890abcdef
Environment
gbrain 0.32.0