docs: warn to redact credentials from log output before sharing #2124

Open: elezar wants to merge 1 commit into main from docs/redact-credentials-in-logs

elezar (Member) commented Jul 3, 2026

Summary

  • Adds a redaction reminder to the bug report template's Logs field, shown at the point of submission
  • Adds a new row to the Common Mistakes table in docs/security/best-practices.mdx noting that some frameworks include credentials in error objects and that the sandbox does not scrub application-level output

Related Issue

Prompted by secret scanning alert #8, where a reporter inadvertently leaked a Lark application secret by pasting a raw framework stack trace that included the full request config.

Changes

  • .github/ISSUE_TEMPLATE/bug_report.yml — expanded Logs field description to remind reporters to redact credentials before pasting
  • docs/security/best-practices.mdx — new Common Mistakes row covering credential leakage via stack traces

Testing

  • mise run markdown:lint passes
  • No source code changed; pre-commit Rust/Python checks not required

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)

Add a reminder to the bug report template's Logs field and a new row in
the security best-practices Common Mistakes table advising reporters to
redact credentials, API keys, and tokens from stack traces before pasting.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
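
A pre-paste scrubber for the kind of stack trace this PR warns about, added here as an example; it is not part of the PR or the project. The key-name list, the `[REDACTED]` marker and the sample trace are constructed assumptions.

```python
import re

# Sensitive key names: an assumed list, not the project's; extend it for your stack.
_KEY = r"[\w-]*(?:secret|token|passw(?:or)?d|api[_-]?key|authorization)[\w-]*"

_RULES = [
    # "Bearer <cred>" / "Basic <cred>": keep the scheme, mask the credential.
    (re.compile(r"(?i)\b(bearer|basic)\s+[A-Za-z0-9._~+/=-]{8,}"),
     r"\1 [REDACTED]"),
    # Quoted values such as "app_secret": "..." or password='...'
    # (JSON bodies, dict reprs, request configs dumped into an error).
    (re.compile(rf"(?i)([\"']?\b{_KEY}[\"']?\s*[:=]\s*)([\"'])[^\"'\n]*\2"),
     r"\1\2[REDACTED]\2"),
    # Unquoted key=value pairs (environment dumps, query strings).
    (re.compile(rf"(?i)\b({_KEY}=)[^\s&\"',}}]+"), r"\1[REDACTED]"),
]


def redact(text):
    """Return (scrubbed_text, number_of_replacements)."""
    total = 0
    for pattern, repl in _RULES:
        text, n = pattern.subn(repl, text)
        total += n
    return text, total


# Constructed sample: a framework error that embeds the full request config.
SAMPLE = '''Traceback (most recent call last):
  File "client.py", line 42, in send
    raise RequestError(config)
RequestError: 401 Unauthorized, config={"url": "https://api.example.invalid/auth", "app_id": "cli_example", "app_secret": "s3cr3tValueConstructed", "headers": {"Authorization": "Bearer abcdef0123456789"}}
retry url: https://api.example.invalid/cb?access_token=tok_constructed_123&page=2
'''

if __name__ == "__main__":
    clean, n = redact(SAMPLE)
    print(clean)
    print(f"{n} value(s) masked")
```

Pattern-based masking misses secrets stored under key names that are not in the list, so read the scrubbed output before posting it.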

copy-pr-bot Bot commented Jul 3, 2026

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

github-actions Bot commented Jul 3, 2026

@elezar elezar marked this pull request as ready for review July 3, 2026 09:47
@elezar elezar requested review from a team, derekwaynecarr, maxamillion and mrunalp as code owners July 3, 2026 09:47
@elezar elezar enabled auto-merge (squash) July 3, 2026 09:47