fix(security): enable secret redaction by default #18596
Open
liuhao1024 wants to merge 1 commit into
Change HERMES_REDACT_SECRETS default from OFF to ON to prevent accidental credential leaks in gateway chat output and session logs. Without this fix, a vanilla Hermes deployment echoes back live API key values in Telegram/Discord chat and writes them verbatim into session JSON files. Users who need unredacted output can opt out via security.redact_secrets: false in config.yaml. Closes NousResearch#17691
Cyrene963 pushed a commit to Cyrene963/hermes-agent that referenced this pull request on May 3, 2026:
Community PRs applied:
- NousResearch#18596: Enable secret redaction by default (SECURITY)
- NousResearch#18650: Sanitize malformed tool messages + auto-recover on API 400
- NousResearch#18607: Emergency compression before max_iterations exhaustion
- NousResearch#18603: Compression fallback to main model on 413 rate limit
- NousResearch#18638: Pass threshold_percent on model switch
- NousResearch#18663: Strip extra_content from tool_calls for strict APIs
- NousResearch#18618: Forward explicit_api_key to OpenRouter
- NousResearch#18632: Show cache tokens in /insights breakdown
- NousResearch#18614: Add idempotency guard for patch duplicate loops
- NousResearch#18600: Raise ValueError when HERMES_HOME unset in profile mode
- NousResearch#18616: Allow ZWJ emoji in context files
- NousResearch#18582: Reload .env on /restart
- NousResearch#18547: Stabilize system prompt prefix for KV cache reuse
- NousResearch#18692: Strip FTS5 operators from session search truncation terms

Fix: Add order_by_last_active=True to list_sessions_rich call (pre-existing commit 142b4bf code sync)
Summary

Change HERMES_REDACT_SECRETS default from OFF to ON to prevent accidental credential leaks in gateway chat output and session logs.

Problem: In a vanilla Hermes deployment, HERMES_REDACT_SECRETS is OFF by default. When users converse through the gateway (Telegram, Discord), the agent routinely echoes back live API key values in chat responses and writes them verbatim into session JSON files. A production audit found 24 distinct credentials leaked across 345 session files.

Fix: Change the default in two locations:
- agent/redact.py: os.getenv("HERMES_REDACT_SECRETS", "true") instead of ""
- hermes_cli/config.py: "redact_secrets": True instead of False

Backward compatibility: Users who need unredacted output can opt out via:
- security.redact_secrets: false in config.yaml
- HERMES_REDACT_SECRETS=false in ~/.hermes/.env

Test Plan
- test_redact_secrets_default_true_when_unset to verify new default
- test_redact_secrets_false_in_config_yaml_is_honored — explicit false still works
- test_redact_secrets_true_in_config_yaml_is_honored — explicit true still works
- test_dotenv_redact_secrets_beats_config_yaml — .env precedence preserved
- tests/agent/test_redact.py tests pass
- tests/hermes_cli/test_config*.py tests pass

Closes #17691
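The precedence the PR describes (a .env / environment value beats config.yaml, which beats the new default of ON) and its effect on what a gateway persists, as an added example. This is illustrative code written for this page, not Hermes code: resolve_redact_secrets, parse_bool, redact, session_json, the credential patterns and the "*_KEY / *_TOKEN" convention are all hypothetical stand-ins, and the sample env and chat are constructed.

```python
"""Added example, not code from the Hermes project: how a redact-secrets setting
resolves with the precedence the PR describes, and what it does to gateway output.

Every name here (resolve_redact_secrets, parse_bool, redact, session_json, the key
patterns) is a hypothetical stand-in for illustration, not the project's real API.
"""
import json
import re
from typing import Iterable, Mapping, Optional

# Illustrative shapes of common credentials; constructed for this example.
SECRET_PATTERNS = [
    re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),       # "sk-" style provider keys
    re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),          # GitHub personal access token
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),             # AWS access key id
    re.compile(r"\b\d{8,10}:[A-Za-z0-9_-]{35}\b"),   # Telegram bot token
]

_TRUTHY = {"1", "true", "yes", "on"}
_FALSY = {"0", "false", "no", "off"}


def parse_bool(raw: Optional[str]) -> Optional[bool]:
    """None for unset/blank; True/False for recognised spellings; ValueError for
    anything else, so a typo such as HERMES_REDACT_SECRETS=flase fails loudly
    instead of silently being treated as "off"."""
    if raw is None or not raw.strip():
        return None
    value = raw.strip().lower()
    if value in _TRUTHY:
        return True
    if value in _FALSY:
        return False
    raise ValueError(f"HERMES_REDACT_SECRETS: unrecognised boolean {raw!r}")


def resolve_redact_secrets(env: Mapping[str, str], config: Mapping) -> bool:
    """Precedence as stated in the PR: environment/.env beats config.yaml, which
    beats the default. The default is True, the behaviour this PR introduces."""
    from_env = parse_bool(env.get("HERMES_REDACT_SECRETS"))
    if from_env is not None:
        return from_env
    security = config.get("security") or {}
    if "redact_secrets" in security:
        return bool(security["redact_secrets"])
    return True  # default ON, not OFF


def redact(text: str, known_secrets: Iterable[str] = ()) -> str:
    """Mask known live values first (longest first, so a shorter prefix never
    leaves a tail of a longer secret behind), then anything matching a credential
    shape. Very short "secrets" are skipped to avoid shredding ordinary words."""
    for secret in sorted({s for s in known_secrets if len(s) >= 8}, key=len, reverse=True):
        text = text.replace(secret, "[REDACTED]")
    for pattern in SECRET_PATTERNS:
        text = pattern.sub("[REDACTED]", text)
    return text


def session_json(messages, env: Mapping[str, str], config: Mapping) -> str:
    """Serialise a session the way a gateway might persist it, redacting every
    message body when the setting resolves to True. Values of env vars named
    *_KEY or *_TOKEN are treated as known live secrets (an assumption of this
    example, not a Hermes rule)."""
    enabled = resolve_redact_secrets(env, config)
    known = [v for k, v in env.items() if k.endswith(("_KEY", "_TOKEN"))]
    out = [
        {"role": m["role"], "content": redact(m["content"], known) if enabled else m["content"]}
        for m in messages
    ]
    return json.dumps(out, indent=2)


if __name__ == "__main__":
    # Constructed sample: a vanilla deployment (no setting anywhere) with a live key in env.
    env = {"OPENROUTER_API_KEY": "or-v1-deadbeefcafe0123"}
    chat = [
        {"role": "user", "content": "what key are you using?"},
        {"role": "assistant", "content": "I am using or-v1-deadbeefcafe0123 and sk-" + "a" * 24},
    ]
    print(session_json(chat, env, {}))
```

The point of parse_bool raising on unrecognised values is the failure mode a default-ON setting needs: with a silent fallback, a misspelled opt-out would be read as "unset" and redaction would quietly stay on, which is safe, but a silent fallback in the other direction (treating anything non-truthy as off) would reopen the leak this PR closes.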