fix(config): clean up backup files after successful write #31764

Open
Bartok9 wants to merge 1 commit into openclaw:main from Bartok9:fix/cleanup-config-backup-after-write

Bartok9 commented Mar 2, 2026

Summary

Config backup files (.bak, .bak.1, etc.) contain sensitive data including:

  • Gateway tokens
  • API keys (Anthropic, Notion, etc.)
  • Channel credentials

Previously, these backup files persisted indefinitely after config writes, creating unnecessary credential exposure. They are only needed for crash recovery during the write operation itself.

Changes

  • Add cleanupConfigBackups() function to backup-rotation.ts
  • Call cleanup after successful config writes (both rename and copy-fallback paths)
  • Add tests for the new cleanup function

Security Impact

This reduces the credential footprint by removing backup files that previously persisted indefinitely, containing duplicate copies of all secrets.

Fixes #31699

Config backup files (.bak, .bak.1, etc.) contain sensitive data including:
- Gateway tokens
- API keys (Anthropic, Notion, etc.)
- Channel credentials

Previously, these backup files persisted indefinitely after config writes,
creating unnecessary credential exposure. They are only needed for crash
recovery during the write operation itself.

This change adds cleanupConfigBackups() which removes all backup files
after a successful config write, reducing the credential footprint.

Fixes openclaw#31699

greptile-apps bot commented Mar 2, 2026

Greptile Summary

This PR adds automatic cleanup of config backup files (.bak, .bak.1, etc.) after successful writes to reduce credential exposure. The implementation adds a cleanupConfigBackups() function that removes all backup files using best-effort error handling, and calls it after both successful write paths (atomic rename and Windows copy-fallback). The cleanup only runs on success, preserving backups for crash recovery when writes fail.

  • Added cleanupConfigBackups() function in backup-rotation.ts that removes .bak and numbered backups
  • Integrated cleanup calls in io.ts after successful config writes (both rename and copy-fallback paths)
  • Added comprehensive tests covering cleanup with existing backups and graceful handling of missing files
  • Properly scoped to security issue "Config backup (.bak) file persists and contains sensitive data" (#31699) without over-engineering

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk - it's a focused security improvement with proper error handling and test coverage
  • The changes are well-implemented with correct logic, comprehensive tests, and appropriate best-effort error handling. The cleanup is properly placed after successful writes and won't interfere with crash recovery. No edge cases or security concerns identified.
  • No files require special attention

Last reviewed commit: c6ff6c0
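
The write-then-cleanup behaviour discussed in this thread, as an added example (not the PR's code; the diff is not shown on this page). The names `cleanupBackups`, `writeConfig`, `leftoverBackups` and `demo`, the rotation depth of 4 and the sample token values are assumptions made for illustration.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

const MAX_NUMBERED_BACKUPS = 4; // assumption: rotation depth (.bak.1 .. .bak.4)
// Every backup path that may hold a duplicate copy of the secrets.
function backupPaths(configPath: string): string[] {
  const paths = [`${configPath}.bak`];
  for (let i = 1; i <= MAX_NUMBERED_BACKUPS; i++) paths.push(`${configPath}.bak.${i}`);
  return paths;
}

// Best-effort removal: a missing file is fine; other errors are reported, not thrown.
function cleanupBackups(configPath: string): { removed: string[]; failed: string[] } {
  const removed: string[] = [], failed: string[] = [];
  for (const p of backupPaths(configPath)) {
    try {
      fs.unlinkSync(p);
      removed.push(p);
    } catch (err) {
      if ((err as { code?: string }).code !== "ENOENT") failed.push(p);
    }
  }
  return { removed, failed };
}

// Temp file + rename. A throw before the last line skips cleanup, so backups survive a failed write.
function writeConfig(configPath: string, contents: string): void {
  if (fs.existsSync(configPath)) fs.copyFileSync(configPath, `${configPath}.bak`);
  const tmp = `${configPath}.${process.pid}.tmp`;
  fs.writeFileSync(tmp, contents, { mode: 0o600 });
  fs.renameSync(tmp, configPath);
  cleanupBackups(configPath);
}

// Audit helper: backup files still on disk next to the config.
function leftoverBackups(configPath: string): string[] {
  return backupPaths(configPath).filter((p) => fs.existsSync(p));
}

// Constructed sample: a config with an older numbered backup, then one successful write.
function demo(): string[] {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "cfg-demo-"));
  const cfg = path.join(dir, "config.json");
  fs.writeFileSync(cfg, '{"gatewayToken":"constructed-old"}');
  fs.writeFileSync(`${cfg}.bak.1`, '{"gatewayToken":"constructed-older"}');
  writeConfig(cfg, '{"gatewayToken":"constructed-new"}');
  return leftoverBackups(cfg);
}
```

`unlinkSync` removes the directory entry only; it does not overwrite the file's contents on disk.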
