Planned · security · secrets · redaction

Our KB has example configs with API keys - will Jarvis leak them?

892 views · 2 replies · 17 likes
David H.

Security Architect · Posted 6 days ago

Some of our KB files have example configurations that include (fake but realistic-looking) API keys. I don't love that these end up in Jarvis's context window, and I really don't want one of them slipping into a customer-facing response.

2 Replies

Accepted answer
Nikhil K. · Staff · 6 days ago

Founder, CEO

Valid concern. Current state:

  • Jarvis has a response-time filter that strips anything matching common secret patterns (AWS keys, Stripe keys, JWTs, etc.) before sending outbound. Not perfect, pattern-based.
  • Auto-redaction at KB import time is on the roadmap (redact on the way in, re-inject the redacted value for the agent if needed). ETA mid-2026.

Recommendation for now:

  1. Scrub example keys in your KB to obvious placeholders like sk_live_YOUR_KEY_HERE so there's nothing real to leak
  2. Enable the strict response filter in Settings > Security > Response Filters > 'Block responses containing secret-shaped strings' (blocks the response entirely and escalates to human)

If you have specific key formats we don't detect today, post them and we'll add detection.

26
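The scrubbing step recommended in the accepted answer can be run as a pre-import pass over KB files. The sketch below is an added example, not part of the thread and not Jarvis's own filter. The regexes, the `scrub` function, the placeholder strings other than `sk_live_YOUR_KEY_HERE`, and the sample text are all assumptions made for illustration.

```python
import re

# Illustrative shapes for the three key families named in the thread.
# Assumption: these are not Jarvis's detection rules, only common public shapes.
PATTERNS = [
    ("aws_access_key_id",
     re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
     "AKIA_YOUR_KEY_ID_HERE"),
    ("stripe_secret_key",
     re.compile(r"\b(sk|rk)_(live|test)_[0-9A-Za-z]{24,}\b"),
     # Keep the prefix so the example config still reads naturally.
     lambda m: f"{m.group(1)}_{m.group(2)}_YOUR_KEY_HERE"),
    ("jwt",
     re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}"),
     "YOUR_JWT_HERE"),
]


def scrub(text):
    """Replace secret-shaped strings with obvious placeholders.

    Returns (scrubbed_text, findings). Findings are (kind, line_no) pairs and
    deliberately omit the matched value so the report itself leaks nothing.
    """
    findings, out_lines = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, rx, repl in PATTERNS:
            line, n = rx.subn(repl, line)
            findings.extend((kind, line_no) for _ in range(n))
        out_lines.append(line)
    return "\n".join(out_lines), findings


# Constructed sample KB snippet; none of these values are real credentials.
SAMPLE_KB = "\n".join([
    "# Example config",
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
    'stripe_key: "' + "sk_live_" + "a1B2c3D4e5F6g7H8i9J0k1L2" + '"',
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl",
    "api_key = sk_live_YOUR_KEY_HERE  # already a placeholder, left alone",
])

if __name__ == "__main__":
    scrubbed, findings = scrub(SAMPLE_KB)
    print(scrubbed)
    for kind, line_no in findings:
        print(f"line {line_no}: replaced {kind}")
```

The placeholders are chosen so they no longer match the patterns, which makes the pass safe to re-run and keeps scrubbed files from tripping a strict secret-shaped-string filter.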
David H. · 5 days ago

Security Architect

Scrubbed KB + strict response filter enabled. Will wait for the auto-redaction feature for belt-and-suspenders.

9