Plain text secrets in PAI/Claude memory and session history #949
Unanswered
genebushmaster
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
G'Day All,
I've been contemplating a problem and so far haven't found a good way to tackle it.
I've been using CC for personal and professional software dev basically since release, and has been on PAI since December.
I often have to put secrets into infra/pipelines etc, and naturally I'm already accustomed to task su with it (su is the name of my PAI instance)). Those secrets then are saved in plain text in CC session transcript JSONL files, and in PAI memory (2 locations!!).
So far, I found no foolproof way to do this with PAI/CC, as even piping secrets from file has proven to be not good enough - yes, when the secrets are put, they are piped and not shown in-context, but since the file location is already in context, su can just read the file after, when it feels like it and again, capture secret in plain text in the session context.
I've also tried getting them from secrets manager directly - via op (1Password cli tool), but I can't be bothered to auth every single pipe from op.
Just wondering if anyone has a good answer for this. My goal is of course to keep using PAI for this task, as long as I'm sure secrets are not spammed all over in plain text.
@danielmiessler very interested to hear what you've come up with on this.
Cheers,
Gene
Beta Was this translation helpful? Give feedback.
All reactions