APEX/BrowserUse_and_ComputerUse_skills
5
0
Fork 0
Code Issues 6 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

feat: add config toggle to disable secret redaction

Browse source 
New config option:

  security:
    redact_secrets: false  # default: true

When set to false, API keys, tokens, and passwords are shown in
full in read_file, search_files, and terminal output. Useful for
debugging auth issues where you need to verify the actual key value.

Bridged to both CLI and gateway via HERMES_REDACT_SECRETS env var.
The check is in redact_sensitive_text() itself, so all call sites
(terminal, file tools, log formatter) respect it.
This commit is contained in:
teknium1 2026-03-09 01:04:33 -07:00
parent 7af33accf1
commit 57b48a81ca
4 changed files with 21 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
cli.py
View file

@ -364,6 +364,13 @@ def load_cli_config() -> Dict[str, Any]:
if model:
os.environ[model_env] = model
# Security settings
security_config = defaults.get("security", {})
if isinstance(security_config, dict):
redact = security_config.get("redact_secrets")
if redact is not None:
os.environ["HERMES_REDACT_SECRETS"] = str(redact).lower()
return defaults
# Load configuration at module startup