fix(env): redact secrets in mise set listing and task-specific env

[jdx]

Summary

• mise set (no args) now redacts values marked with redact = true or matching redactions patterns in the listing output. Added --no-redact flag to show raw values when needed.
• Task-specific env redactions (e.g. from env._.file or redact = true in [tasks.*.env]) are now registered with the global redactor, fixing redaction in task output.

Closes #5368

Test plan

• Verify mise set redacts values for env vars with redact = true
• Verify mise set --no-redact shows raw values
• Verify task-specific env._.file with redactions patterns are properly redacted in task output
• Verify existing cargo test passes

🤖 Generated with Claude Code

---

Note

Medium Risk
Changes how environment values are displayed and how redaction patterns are registered, which could unintentionally hide/show values in CLI/task output. Core execution paths are mostly unchanged but touch global redactor behavior in tasks.

Overview
Redacts secret env values in mise set output by default when listing variables, covering redact = true, age-encrypted entries (default redacted), and config-level redactions patterns; adds --no-redact to show raw values.

Fixes task output redaction for task-scoped env vars by registering redactions resolved from task context (including env._.file and task-level redactions) with the global redactor so secrets are consistently masked in mise run output.

Docs/man/usage specs and shell completion metadata are updated, and new e2e tests cover the redaction/override behavior for both mise set and tasks.

^{Written by Cursor Bugbot for commit 860282a. This will update automatically on new commits. Configure here.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the handling of sensitive information within mise by implementing robust redaction capabilities. It ensures that secrets are masked when listing environment variables via mise set and correctly applies redaction rules to task-specific environment outputs, enhancing overall security and preventing accidental exposure of confidential data.

Highlights

• Enhanced Secret Redaction in mise set: The mise set command (when called without arguments) now automatically redacts sensitive values that are marked with redact = true or match defined redactions patterns in its listing output.
• New --no-redact Flag: A new --no-redact flag has been introduced for mise set, allowing users to explicitly display raw, unredacted secret values when necessary.
• Improved Task-Specific Environment Redaction: Task-specific environment redactions, such as those from env._.file or redact = true within [tasks.*.env], are now correctly registered with the global redactor, ensuring proper redaction in task output.

Changelog

• docs/cli/set.md
  • Documented the new --no-redact flag for the mise set command.
• mise.usage.kdl
  • Registered the --no-redact flag for the mise set command in the usage definition.
• src/cli/set.rs
  • Added the no_redact field to the Set struct to control redaction behavior.
  • Implemented logic in list_all to redact environment variable values unless the --no-redact flag is present.
• src/task/task_context_builder.rs
  • Added code to register config-level redactions with the global redactor during task context building.
  • Included logic to register task-specific redactions with the global redactor, ensuring they are applied to task output.

Activity

• The author has provided a test plan to verify the new redaction behavior for mise set and task-specific environments, including checking the --no-redact flag and existing cargo test passes.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request addresses secret redaction in two key areas. First, it introduces redaction for mise set output, with a --no-redact flag to bypass it. Second, it ensures that task-specific redaction patterns are correctly registered with the global redactor, fixing an issue where secrets could be exposed in task outputs. The implementation looks solid, with corresponding updates to documentation and CLI definitions. I have no specific comments on the changes.

[greptile-apps]

Greptile Summary

This PR fixes two related redaction gaps: mise set (no args) now applies redact = true and redactions patterns when listing env vars, with a new --no-redact escape hatch; and task-specific env vars (loaded via env._.file or redact = true in [tasks.*.env]) are now registered with the global redactor so task output is also protected. The changes integrate cleanly with the existing Aho-Corasick–based _REDACTOR and the lazy env_results caching in Config.

Key changes:

• src/cli/set.rs: new rows_from_directives helper handles per-variable redact = true and Age-default redaction for --file/-E paths; the default path runs config.env_results() to prime the global redactor and then applies config.redact() over every row value.
• src/task/mod.rs + src/task/task_context_builder.rs: after resolving task-specific env directives, add_redactions is called with both the config's glob patterns and the task's redact = true keys against the full (or task-scoped) env map.

One gap to address: When --file points to a file outside the config hierarchy, variables in that file that match the main config's redactions glob patterns (but have no per-variable redact = true) will not be redacted. config.env_results() only registers values from the main config's own env, so the external file's values are never seen by the global redactor. See inline comment on list_all for a suggested fix. The same applies to the -E path.

Confidence Score: 3/5

• Mostly safe to merge; one edge-case redaction gap in --file mode could silently expose values matching glob patterns from the main config when the file is outside the config hierarchy.
• The core logic for the default listing path and both task execution paths is sound and well-tested. The implementation correctly primes the global redactor and handles both redact=true per-variable and redactions glob patterns for the common cases. The deduction is for the identified gap in --file-to-external-file mode where glob-pattern redaction doesn't fire — a real but narrow attack surface that the existing tests do not cover. No runtime crashes, data corruption, or build-breaking issues were found.
• src/cli/set.rs — specifically the list_all function's handling of the --file and -E paths with respect to glob-pattern redaction for external files.

Important Files Changed

Filename	Overview
src/cli/set.rs	Adds --no-redact flag, rows_from_directives helper for inline redact=true/Age handling, and a call to config.env_results() to prime the global redactor. Per-variable redact=true is handled correctly; however, glob redactions patterns from the main config are not applied to vars that exist only in an external --file target, leaving a potential secret-leak gap for that edge case.
src/task/mod.rs	After resolving task-specific env directives, newly registers task env values against both config.redaction_keys() glob patterns and per-directive redact=true key names. task_env_map (task-specific only) is passed to add_redactions, which is correct because config-level env values are already registered during ts.full_env() → env_results() → load_env(). Logic is sound.
src/task/task_context_builder.rs	Two add_redactions calls added: one for config-level redact=true keys (uses env before task env is merged), one for task-level redact=true keys and config glob patterns (uses full env including task env). Separation of responsibilities is correct; the full env map passed to the second call ensures glob patterns correctly match task-specific vars.
e2e/cli/test_set	Good coverage for redact=true, redactions pattern, --file in-hierarchy, and --file outside hierarchy. Missing a test for the case where the external --file target has keys matching the main config's redactions glob pattern (without per-variable redact=true).
e2e/tasks/test_task_redactions	Two new test cases correctly verify task-specific env._.file with redactions patterns and with redact=true. Logic is sound and matches intended behavior.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[mise set no-args] --> B[list_all]
    B --> D{no_redact flag?}
    D -->|false| E[config.env_results primes global redactor]
    E --> F{--file or -E flag?}
    F -->|yes| G[rows_from_directives\nhandles redact=true and Age inline\nNOTE: glob patterns miss external-file vars]
    F -->|no default path| H[env_with_sources returns resolved values]
    G --> I[config.redact applies registered patterns to each row]
    H --> I
    I --> J[Print redacted table]
    D -->|true no-redact| K[Return raw rows without redaction]
    K --> J

    L[mise run task] --> M{task_cf present?}
    M -->|complex path| O[TaskContextBuilder\nresolve_task_env_with_config]
    O --> P[add_redactions: config redact=true keys vs config env]
    P --> Q[add_redactions: config glob patterns + task redact=true keys vs full env]
    M -->|simple or no task_cf| R[task.render_env in mod.rs]
    R --> S[add_redactions: config glob patterns + task redact=true keys vs task_env_map]
    Q --> T[Execute task - global redactor protects all output]
    S --> T

Loading

Comments Outside Diff (1)

1. src/cli/set.rs, line 240-256 (link)

   redactions glob patterns not applied to external --file vars

   When --file points to a file outside the config hierarchy, config.env_results() (called to prime the global redactor) only processes the main config's env vars — not the external file's vars. As a result, any variable in the external file that matches a redactions glob pattern from the main config (e.g. redactions = ["DB_*"]) will not be redacted by the subsequent config.redact() pass.

   Concretely, if the main config contains redactions = ["DB_*"] and the external file contains DB_PASSWORD = "..." (with no per-variable redact = true), running mise set --file /tmp/external.toml will print the plaintext value unredacted.

   The per-variable redact = true path is correctly handled by rows_from_directives, but the glob-pattern path relies on the global redactor having already seen the matching values, which it hasn't for vars that exist only in the external file.

   A fix would be to extract the external file's resolved env values and register them against the config-level patterns before calling config.redact():

   if !self.no_redact {
       let external_env: EnvMap = mise_toml
           .env_entries()?
           .into_iter()
           .filter_map(|ed| match ed {
               EnvDirective::Val(k, v, _) => Some((k, v)),
               _ => None,
           })
           .collect();
       config.add_redactions(config.redaction_keys(), &external_env);
   }

   The same gap applies to the -E (environment-specific file) path at lines 333–336.

_{Last reviewed commit: 860282a}

[jdx]

bugbot run

[github-actions]

Hyperfine Performance

mise x -- echo

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.3.8 x -- echo	23.2 ± 0.2	22.6	24.4	1.00
mise x -- echo	23.7 ± 0.4	23.1	28.5	1.02 ± 0.02

mise env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.3.8 env	22.7 ± 0.4	22.0	26.4	1.00
mise env	23.2 ± 0.3	22.6	26.9	1.02 ± 0.02

mise hook-env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.3.8 hook-env	23.4 ± 0.3	22.8	25.5	1.00
mise hook-env	23.8 ± 0.3	23.2	25.8	1.02 ± 0.02

mise ls

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.3.8 ls	22.7 ± 0.3	22.1	24.2	1.00
mise ls	23.0 ± 0.2	22.5	24.3	1.02 ± 0.02

xtasks/test/perf

Command	mise-2026.3.8	mise	Variance
install (cached)	150ms	150ms	+0%
ls (cached)	82ms	82ms	+0%
bin-paths (cached)	85ms	85ms	+0%
task-ls (cached)	837ms	815ms	+2%

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}