mirror of
https://github.com/0xMassi/webclaw.git
synced 2026-07-10 05:12:10 +02:00
fix(cli): hide secret env values in --help output
clap prints the current value of an arg's `env` var in --help by default, which leaks secrets (e.g. `[env: WEBCLAW_API_KEY=wc_...]`) for anyone who has them set. Add `hide_env_values = true` to every arg backed by a credential-bearing env var so --help shows the variable name only. Covers the CLI (WEBCLAW_API_KEY, SERPER_API_KEY, WEBCLAW_PROXY, WEBCLAW_PROXY_FILE, WEBCLAW_WEBHOOK_URL, WEBCLAW_LLM_BASE_URL) and the server (WEBCLAW_API_KEY). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
a869b0af69
commit
fa54dae7ad
2 changed files with 7 additions and 7 deletions
|
|
@ -57,7 +57,7 @@ struct Args {
|
|||
/// `/v1/*` request must present `Authorization: Bearer <key>`.
|
||||
/// When unset, the server runs in open mode (no auth) — only
|
||||
/// safe on a local-bound interface or behind another auth layer.
|
||||
#[arg(long, env = "WEBCLAW_API_KEY")]
|
||||
#[arg(long, env = "WEBCLAW_API_KEY", hide_env_values = true)]
|
||||
api_key: Option<String>,
|
||||
|
||||
/// Tracing filter. Env: RUST_LOG.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue