[Bug]: secrets audit PLAINTEXT_FOUND for synthetic codex-app-server apiKey in models.json #69511

@joerod26

Description

Product / Version

OpenClaw 2026.4.15 (041266a) — stable channel

Summary

openclaw secrets audit flags the codex provider's apiKey field in every agent's models.json as PLAINTEXT_FOUND. The flagged value is "codex-app-server" — a synthetic auth marker hardcoded by the codex extension, not a real API key.

Expected Behavior

The secrets audit should not report known synthetic provider auth markers as plaintext secret findings. Either:

  • Exclude "codex-app-server" from PLAINTEXT_FOUND results
  • Downgrade to INFO with wording like "synthetic non-secret auth marker"
  • Add a secrets.audit.excludePatterns config option for operators to suppress known false positives

Actual Behavior

Secrets audit: findings. plaintext=10, unresolved=0, shadowed=0, legacy=13.
- [PLAINTEXT_FOUND] agents/main/agent/models.json:providers.codex.apiKey models.json provider apiKey is stored as plaintext.
- [PLAINTEXT_FOUND] agents/nikola/agent/models.json:providers.codex.apiKey models.json provider apiKey is stored as plaintext.
(... repeated for every agent with a codex provider block — 7 total)

Impact

  • Inflates the plaintext count by 7 findings per installation
  • Obscures genuine secret exposure findings
  • Makes the audit's plaintext count unreliable as a security metric
  • Operators cannot distinguish "10 real secrets" from "0 real + 10 synthetic" without manual investigation
  • After completing a full SecretRef migration (runtime config + auth profiles), the audit still reports plaintext=10 — 7 of which are this false positive

Reproduction

  1. Install OpenClaw 2026.4.15 with codex extension enabled
  2. Start the gateway — on first session, buildCodexProviderCatalog() writes the codex provider block to each agent's models.json
  3. Run openclaw secrets audit
  4. Observe PLAINTEXT_FOUND for providers.codex.apiKey in every agent that has had a session

Evidence

The codex extension registers with:

resolveSyntheticAuth: () => ({
  apiKey: "codex-app-server",
  source: "codex-app-server",
  mode: "token"
})

The value "codex-app-server" is:

  • A constant string, not a credential
  • Hardcoded in dist/extensions/codex/openclaw.plugin.json
  • Regenerated by buildCodexProviderCatalog() on every real session start
  • Not usable for authentication — the real auth goes through OAuth tokens in auth-profiles.json

Replacing the value with a SecretRef does not work because:

  • buildCodexProviderCatalog() overwrites models.json on each session start, reverting any SecretRef
  • The secrets audit reports SecretRef objects in models.json as REF_UNRESOLVED, recommending regeneration

Current Workaround

Document as accepted baseline exception. The 7 findings are excluded from security posture metrics via operational documentation.

Why Not Fixed in 2026.4.15

The 2026.4.15 changelog contains no changes to the secrets audit scanning logic, codex-app-server marker handling, or audit exclusion patterns.

Recommended Priority

MEDIUM — cosmetic for security-sensitive operators, no runtime impact.


Draft prepared for GitHub filing. Do not include real secret values.
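An added illustration of the audit behaviour the issue asks for (example code, not OpenClaw's or the codex extension's own): a small models.json provider apiKey scanner that reports known synthetic markers as INFO instead of PLAINTEXT_FOUND and honours a hypothetical excludePatterns option. The marker list, the sample file and the finding shape are assumptions; only "codex-app-server" and the PLAINTEXT_FOUND wording come from the issue.

```javascript
// Added example, not OpenClaw's own code: a models.json provider apiKey audit that
// reports known synthetic auth markers as INFO instead of PLAINTEXT_FOUND and honours
// a hypothetical secrets.audit.excludePatterns option (a list of regex strings).

// Synthetic, non-secret markers that extensions hardcode (assumed list; the issue
// only documents "codex-app-server").
const SYNTHETIC_AUTH_MARKERS = new Set(["codex-app-server"]);

// Constructed sample of one agent's models.json; none of the values are real credentials.
const SAMPLE_MODELS_JSON = JSON.stringify({
  providers: {
    codex: { apiKey: "codex-app-server" },                 // synthetic marker
    vault: { apiKey: { secretRef: "env:VAULT_TOKEN" } },   // SecretRef object, not plaintext
    acme: { apiKey: "acme-live-EXAMPLE-NOT-A-REAL-KEY" },  // genuine plaintext finding
    local: {}                                               // no apiKey at all
  }
});

// Returns one finding object per provider apiKey that deserves a report.
function auditProviderApiKeys(modelsJsonText, filePath, options = {}) {
  const excludePatterns = (options.excludePatterns || []).map((p) => new RegExp(p));
  const providers = JSON.parse(modelsJsonText).providers || {};
  const findings = [];
  for (const [name, provider] of Object.entries(providers)) {
    const key = provider.apiKey;
    const location = `${filePath}:providers.${name}.apiKey`;
    if (key === undefined || key === null) continue;
    // A SecretRef object is a pointer, not a plaintext value; resolving it is out of scope here.
    if (typeof key === "object" && typeof key.secretRef === "string") continue;
    if (typeof key !== "string" || key === "") continue;
    // Operator-suppressed known false positives are dropped entirely.
    if (excludePatterns.some((re) => re.test(key))) continue;
    if (SYNTHETIC_AUTH_MARKERS.has(key)) {
      findings.push({ code: "INFO", location,
        message: "provider apiKey is a synthetic non-secret auth marker." });
      continue;
    }
    findings.push({ code: "PLAINTEXT_FOUND", location,
      message: "models.json provider apiKey is stored as plaintext." });
  }
  return findings;
}

// Counts findings per code so the plaintext figure no longer includes synthetic markers.
function summarize(findings) {
  return findings.reduce((acc, f) => ({ ...acc, [f.code]: (acc[f.code] || 0) + 1 }), {});
}
```

With the sample file the plaintext count is 1 (the acme key) and the codex marker is reported separately as INFO; passing `{ excludePatterns: ["^codex-app-server$"] }` suppresses the marker entirely.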
