Skip to content

Mask GitHub API keys by default in api-keys CLI#438

Open
iGufrankhan wants to merge 1 commit into
chaoss:mainfrom
iGufrankhan:feature/mask-github-api-keys
Open

Mask GitHub API keys by default in api-keys CLI#438
iGufrankhan wants to merge 1 commit into
chaoss:mainfrom
iGufrankhan:feature/mask-github-api-keys

Conversation

@iGufrankhan

Copy link
Copy Markdown
Contributor

Description

This PR masks GitHub API keys in the collectoss github api-keys CLI output by default using the existing mask_key helper.

It also adds a --show-keys flag to allow displaying the full API keys when explicitly requested.

This helps reduce accidental exposure of API keys during screen sharing or shoulder surfing.

Fixes #414

Notes for Reviewers

  • Uses the existing mask_key helper.
  • Masks API keys by default.
  • Adds a --show-keys flag to display the full API keys when explicitly requested.

Signed commits

  • Yes, I signed my commits.

Copilot AI review requested due to automatic review settings July 2, 2026 18:52

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reduces accidental exposure of GitHub API keys by masking them by default in the collectoss github api-keys CLI output, while still allowing full key display when explicitly requested.

Changes:

  • Mask API keys by default in github api-keys output using the existing mask_key helper.
  • Add a --show-keys flag to optionally display full API keys.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread collectoss/application/cli/github.py Outdated
Comment on lines +75 to +77

display_key = key if show_keys else mask_key(key)
print(f"{display_key} | {core_requests} | {core_reset_time} | {graphql_requests} | {graphql_reset_time} |")
@test_connection
@test_db_connection
def update_api_key():
def update_api_key(show_keys):
Signed-off-by: iGufrankhan <gufrankhankab123@gmail.com>
@iGufrankhan iGufrankhan force-pushed the feature/mask-github-api-keys branch from 192c38b to c574cb3 Compare July 2, 2026 19:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

mask keys by default when checking API key expiry

2 participants