Skip to content

Comments

Fix/secret masking#281

Merged
DecSmith42 merged 5 commits intomainfrom
fix/secret-masking
Feb 10, 2026
Merged

Fix/secret masking#281
DecSmith42 merged 5 commits intomainfrom
fix/secret-masking

Conversation

@DecSmith42
Copy link
Owner

@DecSmith42 DecSmith42 commented Feb 10, 2026
edited
Loading

This pull request enhances the handling of secret masking in log output and refactors the underlying implementation to improve reliability and maintainability. The most important changes are the introduction of a new SanitizeSecrets utility method, updates to logging components to ensure secrets are masked everywhere, and improvements to the IParamService interface and its implementation.

Secret masking improvements:

  • Added a new SanitizeSecrets method to StringUtil, which replaces secret substrings with a mask and handles edge cases like short secrets and empty input. ([DecSm.Atom/Util/StringUtil.csR94-R123](https://github.com/DecSmith42/atom/pull/281/files#diff-0ea3174af5e67049cad68f62502515d8f75441e84643ec506257820cd5422fc1R94-R123))
  • Refactored ParamService.MaskMatchingSecrets to use the new SanitizeSecrets method, simplifying the masking logic and ensuring consistency. ([DecSm.Atom/Params/ParamService.csL160-R160](https://github.com/DecSmith42/atom/pull/281/files#diff-0c40242605d992515cab81b9bb1230373f81aea228d162ae3ded16e0827f37ddL160-R160))

Logging updates:

  • Updated SpectreLogger.Log to mask secrets in log messages before formatting and output, ensuring sensitive data is not exposed in logs. ([DecSm.Atom/Logging/SpectreLogger.csR123-R125](https://github.com/DecSmith42/atom/pull/281/files#diff-ed76b61733cc309bc6065fda74fb29bc705814662b5125f5fc2f2d31d39f4608R123-R125))
  • Changed MaskingAnsiConsoleOutput.Write to use the refactored masking logic, improving performance and reliability. ([DecSm.Atom/Logging/MaskingAnsiConsoleOutput.csL66-R66](https://github.com/DecSmith42/atom/pull/281/files#diff-e1a7820b8351c1672a1c680731c358d2245d2135f24ae82cd3688938740fea15L66-R66))
  • Adjusted log message formatting in SpectreLogger to avoid double escaping and ensure masked output is displayed correctly. ([DecSm.Atom/Logging/SpectreLogger.csL134-R136](https://github.com/DecSmith42/atom/pull/281/files#diff-ed76b61733cc309bc6065fda74fb29bc705814662b5125f5fc2f2d31d39f4608L134-R136))

API and documentation enhancements:

  • Updated the IParamService interface documentation to clarify the masking behavior and provide more accurate descriptions. ([DecSm.Atom/Params/ParamService.csL80-R80](https://github.com/DecSmith42/atom/pull/281/files#diff-0c40242605d992515cab81b9bb1230373f81aea228d162ae3ded16e0827f37ddL80-R80))
  • Added SanitizeSecrets to the public API surface verification, making it available for testing and usage. ([DecSm.Atom.Tests/ApiSurfaceTests/PublicApiSurfaceTests.VerifyPublicApiSurface.verified.txtR1916-R1918](https://github.com/DecSmith42/atom/pull/281/files#diff-6d9417313cb728d443e8455adbbf1e331f52778bb2e5d7dc1eddefabe2c5010eR1916-R1918))

Copilot AI review requested due to automatic review settings February 10, 2026 22:50
@DecSmith42 DecSmith42 enabled auto-merge February 10, 2026 22:50
@DecSmith42 DecSmith42 requested review from Copilot and removed request for Copilot February 10, 2026 22:53
Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Improves secret masking consistency across production and test code by introducing a new SanitizeSecrets string extension and applying it in parameter masking and logging.

Changes:

  • Added SanitizeSecrets to centralize and harden secret masking behavior.
  • Updated ParamService and logging to sanitize secrets before output.
  • Refactored/expanded console output masking tests and updated API surface verification.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 8 comments.

Show a summary per file
File Description
DecSm.Atom/Util/StringUtil.cs Adds the new SanitizeSecrets implementation for masking secrets across whitespace/newlines.
DecSm.Atom/Params/ParamService.cs Switches MaskMatchingSecrets to use SanitizeSecrets.
DecSm.Atom/Logging/SpectreLogger.cs Sanitizes log messages via IParamService before escaping markup/output.
DecSm.Atom.Tests/ClassTests/Logging/MaskingAnsiConsoleOutputTests.cs Updates tests to use new masking logic and adds a “multiline” case.
DecSm.Atom.Tests/ApiSurfaceTests/PublicApiSurfaceTests.VerifyPublicApiSurface.verified.txt Updates verified public API list to include SanitizeSecrets.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@DecSmith42
feat(util): add SanitizeSecrets method and refactor secret masking
d367ead 
Added the `SanitizeSecrets` method to `StringUtil` for improved secret masking logic, allowing for better handling of multi-line secrets and whitespace. Replaced existing `MaskMatchingSecrets` calls to use the new method. Updated related logic in `ParamService` and logging output for consistency.
@DecSmith42
fix(logging): mask secrets in SpectreLogger log messages
b60f3ca 
Ensured log messages are masked for secrets using `MaskMatchingSecrets` before processing. Added a safeguard to protect sensitive data in logging output.
@DecSmith42 DecSmith42 requested a review from Copilot February 10, 2026 23:11
Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@DecSmith42
fix(util): enhance SanitizeSecrets documentation for clarity
289ef7a 
Updated XML comments in `StringUtil` to improve clarity and accuracy. Enhanced descriptions for parameters, return values, and overall method behavior, ensuring consistency and better developer understanding.
@DecSmith42
docs(params): clarify ReplaceSecrets XML comments for examples
4a27916 
Updated XML comments in `ParamService` to improve clarity by including an example of the mask used for secret replacement.
@DecSmith42
fix(logging): remove unnecessary markup escaping in SpectreLogger
4e6916a 
Removed redundant `EscapeMarkup` usage in `SpectreLogger`. This ensures the markup is properly rendered without escaping, improving the readability of log output.
@DecSmith42 DecSmith42 requested a review from Copilot February 10, 2026 23:46
Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@DecSmith42 DecSmith42 merged commit e987b2d into main Feb 10, 2026
49 checks passed
@DecSmith42 DecSmith42 deleted the fix/secret-masking branch February 10, 2026 23:54
This was referenced Feb 12, 2026
Open
Open
Closed
Open
Open
Open
Closed
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DecSmith42