Skip to content

fix: preserve empty API keys in redaction output#45

Merged
kriserickson merged 2 commits intomainfrom
copilot/sub-pr-44
Mar 2, 2026
Merged

fix: preserve empty API keys in redaction output#45
kriserickson merged 2 commits intomainfrom
copilot/sub-pr-44

Conversation

Copy link
Contributor

Copilot AI commented Mar 2, 2026
edited
Loading

RedactSecret returned "****" for empty strings, causing config show (which marshals RedactedCopy) to render unset API keys as non-empty placeholders — making it impossible to distinguish an unconfigured key from a masked one, and risking users persisting "****" as a real key value.

Changes

  • internal/config/redact.go: RedactSecret returns "" immediately for empty input; non-empty short strings still produce "****"
  • internal/config/config_test.go, cmd/cmd_test.go: updated empty-string test cases to expect "" instead of "****"
// Before
RedactSecret("")  // => "****"

// After
RedactSecret("")  // => ""
RedactSecret("short")  // => "****"  (unchanged)
RedactSecret("sk-longapikey1234")  // => "sk-l...1234"  (unchanged)

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

Copilot AI mentioned this pull request Mar 2, 2026
Merged
@kriserickson
fix: return empty string from RedactSecret when input is empty
066384b 
Co-authored-by: kriserickson <325934+kriserickson@users.noreply.github.com>
Copilot AI changed the title [WIP] Add enhanced debug logging and sensitive data handling fix: preserve empty API keys in redaction output Mar 2, 2026
Base automatically changed from sensitive-data to main March 2, 2026 21:15
@kriserickson kriserickson marked this pull request as ready for review March 2, 2026 21:15
Copilot AI review requested due to automatic review settings March 2, 2026 21:15
@kriserickson kriserickson merged commit 1bb4987 into main Mar 2, 2026
Copilot AI reviewed Mar 2, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes redaction behavior so empty API key values remain empty in display/redacted outputs, allowing users to distinguish “unset” from “set but masked” when viewing configuration.

Changes:

  • Update RedactSecret to return "" for empty input while preserving existing masking behavior for non-empty secrets.
  • Adjust config-related tests to expect "" (not "****") for empty secret values.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
internal/config/redact.go Preserves empty-string secrets by returning "" early in RedactSecret.
internal/config/config_test.go Updates TestRedactSecret to expect empty output for empty input.
cmd/cmd_test.go Updates TestMaskKey to expect empty output for empty input.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@kriserickson kriserickson deleted the copilot/sub-pr-44 branch March 2, 2026 21:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@kriserickson kriserickson

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kriserickson