oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

security: mask sensitive data in logging output to fix CodeQL alerts

Browse Source 
- scripts/utils/generate-api-keys.py: mask API keys in output
- apps/coordinator-api/src/app/deps.py: mask API keys in debug logging
- dev/scripts/generate_production_keys.py: mask sensitive secrets in output
- scripts/security/security_audit.py: add sensitive data masking for issues/recommendations

Fixes 7/25 CodeQL alerts related to clear-text logging of sensitive information.
This commit is contained in:
aitbc
2026-04-23 17:24:56 +02:00
parent 91bba69653
commit dcaa9cbf3c
4 changed files with 26 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/utils/generate-api-keys.py
View File

@@ -75,7 +75,7 @@ def main():
for i, key in enumerate(keys, 1):
print(f"{i}. {key['name']}")
print(f" API Key: {key['api_key']}")
print(f" API Key: {'*' * 32}") # Mask API key for security
print(f" Permissions: {', '.join(key['permissions'])}")
print(f" Environment: {key['environment']}")
print(f" Created: {key['created_at']}")
@@ -95,7 +95,7 @@ def main():
for key in keys:
if 'client' in key['permissions']:
print(f"# For {key['name']}:")
print(f"aitbc auth login {key['api_key']} --environment {key['environment']}")
print(f"aitbc auth login {'*' * 32} --environment {key['environment']}") # Mask API key
print()
print("# Test commands that require authentication:")