5 hours ago · Tech · hide · 0 comments

Shell history is one source of leaked credentials. Commands containing API keys, bearer tokens, passwords, or connection strings are often written to history files without much thought. We shouldn’t do it, but, let’s admit it, we all do it, especially when we feel safe, on a computer entirely under our control. export OPENAI_API_KEY=sk-... curl -H "Authorization: Bearer ghp_..." https://api.example.com psql postgres://alice:password@example.com/db Best practices There are best practices and tricks that will help you keep secrets from bash/zsh/fish history. I found "Hiding secret keys from shell history: Part 1" to be extremely useful. But it’s not just shell history. It may be a SELECT statement in your ~/.mysql_history, or a quick test stored permanently in your ~/.python_history, and so on. And recently, AI coding assistants have introduced one more secret-concentration point. Claude Code, Codex, Gemini CLI, and Copilot CLI keep full session transcripts on disk; transcripts that may…

No comments yet. Log in to reply on the Fediverse. Comments will appear here.