fix(security): Clear secrets from UI when encryption key is reset#86
Merged
Conversation
CRITICAL SECURITY FIX: When encryption key was reset, secret environment variables remained visible in plain text in the UI. Both global secrets (Settings > Environment) and terminal-specific secrets (Terminal Editor) were exposed. Root cause: SecureStorage correctly deleted the key and encrypted file, but secret values remained in memory in GlobalEnvironmentManager and TerminalCard arrays. The UI displayed these leftover in-memory values as plain text. Changes: - Add GlobalEnvironmentManager.deleteAllSecrets() to clear global secrets - Add BoardViewModel.deleteAllTerminalSecrets() to clear terminal secrets - Update SettingsEnvironmentView.resetEncryptionKey() to call both cleanup methods after key reset Impact: Secrets are now properly cleared from UI after key reset. Running terminal sessions retain their environment (expected behavior - can't retroactively modify running process environments). Testing: Verified that both global and terminal-specific secrets are cleared from UI after key reset. Phase: v0.7.0 Stabilization - Phase 3 (Environment Variables) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
eyelock
pushed a commit
that referenced
this pull request
Jan 26, 2026
Enhances the encryption key reset confirmation dialog to show exact counts of secrets that will be deleted (global and terminal). When secrets exist: - "This will permanently delete 2 global secrets and 3 terminal secrets (5 total)..." When no secrets exist: - Shows standard confirmation message Integrates with PR #86's cleanup architecture while adding improved UX from PR #77. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This was referenced Jan 26, 2026
eyelock
added a commit
that referenced
this pull request
Jan 26, 2026
* feat(cli): Add separate debug binaries for TermQDebug.app testing Creates termqclid and termqmcpd binaries that default to using the debug bundle ID (net.eyelock.termq.app.debug) and debug data directory (TermQ-Debug). This enables proper testing of TermQDebug.app via CLI without needing to manually specify --debug flags or having commands sent to the production app. Changes: - Add TERMQ_DEBUG_BUILD compile flag support to CLI and MCP server - Create termqBundleIdentifier() helper to return appropriate bundle ID - Build debug binaries with separate build directory to avoid contamination - Install debug binaries to TermQDebug.app/Contents/Resources/ - Update shouldUseDebugMode() to force debug mode when flag is set Resolves CLI delete command not working with TermQDebug.app during Phase 4 testing. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * docs: Document debug CLI/MCP binaries in CONTRIBUTING.md * feat: Show secret counts in encryption key reset warning Enhances the encryption key reset confirmation dialog to show exact counts of secrets that will be deleted (global and terminal). When secrets exist: - "This will permanently delete 2 global secrets and 3 terminal secrets (5 total)..." When no secrets exist: - Shows standard confirmation message Integrates with PR #86's cleanup architecture while adding improved UX from PR #77. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: David Collie <support@eyelock.net> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Security fix for Phase 3 (Environment Variables) testing.
When the encryption key was reset via Settings > Environment > "Reset Encryption Key", secret environment variables remained visible in plain text in the UI. This affected both global secrets (Settings > Environment) and terminal-specific secrets (Terminal Editor > Environment tab).
Root Cause
SecureStorage.resetEncryptionKey()correctly deleted the encryption key and encrypted file, but secret values remained in memory in two locations:GlobalEnvironmentManager.variablesarray (global secrets)TerminalCard.environmentVariablesarrays (terminal-specific secrets)The UI continued displaying these leftover in-memory values as plain text after the key reset.
Changes
Added Methods
GlobalEnvironmentManager.deleteAllSecrets()- Removes all secret variables from the global environment variables arrayBoardViewModel.deleteAllTerminalSecrets()- Iterates through all terminal cards and removes their secret environment variablesUpdated Method
SettingsEnvironmentView.resetEncryptionKey()- Now calls both cleanup methods after key reset, ensuring all secrets are cleared from memory before UI refreshFiles Modified
Sources/TermQ/ViewModels/GlobalEnvironmentManager.swift(lines 186-192)Sources/TermQ/ViewModels/BoardViewModel.swift(lines 579-593)Sources/TermQ/Views/SettingsEnvironmentView.swift(lines 176-196)Impact
After this fix, both global and terminal-specific secrets are completely cleared from the UI when encryption key is reset.
Note: Running terminal sessions retain their environment variables, which is expected behavior since we can't retroactively modify running process environments.
Testing
Phase
Part of v0.7.0 Stabilization - Phase 3 (Environment Variables)
🤖 Generated with Claude Code