fix(config): route API keys and tokens to .env instead of config.yaml#469
Merged
teknium1 merged 1 commit intoNousResearch:mainfrom Mar 6, 2026
Merged
Conversation
ygd58
force-pushed
the
fix-api-key-config-routing
branch
from
2f84f10 to
6055adb
Compare
teknium1
added a commit
that referenced
this pull request
Mar 6, 2026
Verifies explicit allowlist keys, catch-all _API_KEY/_TOKEN patterns, case insensitivity, TERMINAL_SSH prefix, and config.yaml routing for non-secret keys. Covers the fix from PR #469.
Contributor
|
Merged in commit b89eb29 🎉 Thanks @ygd58! The catch-all pattern is a great idea — it also covers DAYTONA_API_KEY and ELEVENLABS_API_KEY that were missing from the explicit list. Added 26 tests for the routing logic in commit c309678 (explicit allowlist, catch-all patterns, case insensitivity, config.yaml fallback). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #465
Problem
hermes config set OPENAI_API_KEY sk-xxxwas saving the key toconfig.yamlinstead of.env, despite docs stating secrets go to.env.Root Cause
The
api_keysallowlist inset_config_value()was missing several common keys (OPENAI_API_KEY,NOUS_API_KEY,WANDB_API_KEY,TINKER_API_KEY) and had no catch-all pattern for future keys.Fix
_API_KEYor_TOKENnow automatically routes to.env