Security Issue: API key exposed in request debug dumps
Description
When an API request fails and triggers the debug dump mechanism (_dump_api_request_on_error), the resulting request_dump_*.json file contains the Authorization header with a partially masked API key:
"Authorization": "Bearer eyJhbGci...pdJk"
The masking function _mask_api_key_for_logs reveals the first 8 and last 4 characters of the key (key[:8]...key[-4:]), which significantly reduces entropy. For token-based auth (JWT/API keys), even partial key exposure is a security concern.
Additionally, the dump file contains:
- Full system prompt / instructions
- Complete message history
- All tool schemas (31 tools in our case)
- Error response details
Affected Code
run_agent.py, method _dump_api_request_on_error (around line 2677):
"headers": {
"Authorization": f"Bearer {self._mask_api_key_for_logs(api_key)}",
"Content-Type": "application/json",
},
Risk Assessment
- Current risk: Low to Medium — ~/.hermes/sessions/ directory is mode 700 (owner-only), so other local users cannot access the dumps.
- Potential risk escalation: If any future vulnerability allows directory traversal or if backups of ~/.hermes/ are made world-readable, the API key would be exposed with reduced entropy.
- Privacy risk: Full conversation history and system prompts in dumps are a privacy concern even without key exposure.
Recommended Fix
- Remove Authorization header entirely from dump files — the URL is already recorded, so the presence of a request attempt is logged without exposing credentials:
"headers": {
"Content-Type": "application/json",
# Authorization deliberately omitted from debug dumps
},
- Optionally: Consider also redacting or truncating the instructions (system prompt) and messages (conversation history) from the dump body, since these may contain sensitive context depending on the user's workflow.
- Add a config flag redact_secrets_from_dumps: true (default true) to allow users who genuinely need to debug auth issues to temporarily disable redaction.
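The redaction proposed above, as an added example that is not hermes-agent's own code: a dump builder that drops credential headers and truncates prompt and message text by default, keeps the existing key[:8]...key[-4:] masking only when the proposed redact_secrets_from_dumps flag is off, plus a check that no 8-character run of the key survives in the serialised dump. The credential header set, the truncation limit and the sample request are assumptions.

```python
import json

# Constructed sample request, not data from hermes-agent.
SAMPLE_KEY = "eyJhbGciOiJIUzI1NiJ9.x9Q2m7Lk.pdJk"
SAMPLE_HEADERS = {"Authorization": f"Bearer {SAMPLE_KEY}", "Content-Type": "application/json"}
SAMPLE_BODY = {
    "instructions": "You are an assistant. " * 20,                    # long system prompt
    "messages": [{"role": "user", "content": "Private note: " * 20}],
    "tools": [{"name": f"tool_{i}", "parameters": {"type": "object"}} for i in range(31)],
}
# Assumed values: the issue proposes the flag, not this header set or limit.
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "x-api-key"}
MAX_TEXT_CHARS = 80


def _mask_api_key_for_logs(key: str) -> str:
    """Current masking described in the issue: 12 characters of the key stay visible."""
    return f"{key[:8]}...{key[-4:]}"


def _truncate(text: str, limit: int = MAX_TEXT_CHARS) -> str:
    return text if len(text) <= limit else f"{text[:limit]}...[{len(text) - limit} chars truncated]"


def build_request_dump(url: str, headers: dict, body: dict, error: str,
                       redact_secrets_from_dumps: bool = True) -> dict:
    """Build the dict written to request_dump_*.json. Default: drop credential
    headers, truncate prompt/message text, keep only tool names. With the flag
    off, keep the old partially masked Authorization header for auth debugging."""
    if redact_secrets_from_dumps:
        safe_headers = {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}
        safe_body = dict(body)  # shallow copy so the live request is not modified
        if isinstance(safe_body.get("instructions"), str):
            safe_body["instructions"] = _truncate(safe_body["instructions"])
        if isinstance(safe_body.get("messages"), list):
            safe_body["messages"] = [{**m, "content": _truncate(str(m.get("content", "")))}
                                     for m in safe_body["messages"]]
        if isinstance(safe_body.get("tools"), list):
            safe_body["tools"] = [t.get("name") for t in safe_body["tools"]]
    else:
        safe_headers, safe_body = dict(headers), body
        auth = safe_headers.get("Authorization", "")
        if auth.startswith("Bearer "):
            safe_headers["Authorization"] = "Bearer " + _mask_api_key_for_logs(auth[len("Bearer "):])
    return {"url": url, "headers": safe_headers, "body": safe_body, "error": error,
            "redacted": redact_secrets_from_dumps}


def dump_leaks_key(dump: dict, key: str, min_chars: int = 8) -> bool:
    """True if any run of min_chars consecutive key characters appears in the serialised dump."""
    text = json.dumps(dump)
    return any(key[i:i + min_chars] in text for i in range(len(key) - min_chars + 1))
```

dump_leaks_key is a cheap regression check to run against every dump written; with the flag on it must return False.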
Environment
- hermes-agent: NousResearch/hermes-agent
- File: run_agent.py
- Function: _dump_api_request_on_error