Conversation
Secrets no longer passed as Docker env vars (visible in docker inspect). Host side (office.ts): - After container starts, writes each secret as a file in /run/secrets/ (tmpfs) via docker exec. Touches /run/secrets/.ready as sentinel. Container side (supervisor): - Waits up to 30s for /run/secrets/.ready - Reads all secret files into its own environment - Unlinks all files immediately — secrets exist only in process memory - Uses su -m to preserve env when dropping to agent user - Agent inherits API keys via env but no files exist on any filesystem Result: secrets live in tmpfs briefly (milliseconds), then only in process memory. Not visible in docker inspect, not on disk.
CodeQL flagged clear-text logging of sensitive info. Secret values were passed as docker exec arguments (visible in ps output) and the error path could leak stderr content. Fix: pipe secret values via stdin to 'cat > /run/secrets/KEY'. Error message no longer includes the value. Secrets never appear in process argument lists.
CodeQL tracks taint from API_KEY_VARS through to spawnSync input. Extract to a dedicated function with clear intent — this is the security boundary where secrets intentionally flow to the container.
heskew
approved these changes
Feb 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Secrets no longer passed as Docker env vars (visible in
docker inspect).Host side (office.ts):
/run/secrets/(tmpfs) viadocker exec/run/secrets/.readyas sentinelContainer side (supervisor):
/run/secrets/.readysu -mto preserve env when dropping to agent userResult: Secrets live in tmpfs briefly (milliseconds), then only in process memory. Not visible in
docker inspect, not on disk.Closes S33B-E from the security findings catalog.