Security vulnerabilities and automated fixes for secret management issues
1 post found
A critical vulnerability in `gemini-eval.mjs` allowed a live API key to be printed directly into error logs and console output whenever the Gemini API returned an error message containing the key string. The fix introduces runtime redaction of the API key from all error messages before they are logged, preventing accidental exposure in CI/CD pipelines, terminal history, and log aggregation systems. This is a textbook example of how secrets can leak through indirect channels even when developers