Glaas minimal logo, light

Secret Redaction

On this page

What gets scrubbed, and when

roar captures a lot of context about a run — environment variables, the git remote it was cloned from, command arguments. Some of that can contain secrets: a WANDB_API_KEY in the environment, a token embedded in a git remote URL, a password on a command line. Omit filtering is the layer that removes those before a lineage leaves your machine.

Redaction happens at publish time, not capture time. Your local .roar/roar.db records what actually ran. Omit filtering runs when you roar register or roar put — it scrubs the outgoing registration payload sent to GLaaS. Nothing is redacted from your local record, and nothing about the run itself changes.

This is distinct from Filtering, which decides which files enter your lineage. Omit filtering decides which values are stripped from a lineage before it's shared.

What it catches

roar redacts three classes of value from the registration payload:

  • Named environment variables. Values of environment variables whose names match the configured list are replaced with a redaction marker. The default list covers common offenders:
    WANDB_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY,
    GITHUB_TOKEN, DATABASE_URL, AWS_SECRET_ACCESS_KEY
    
  • Credentials in git remote URLs. roar records the git remote so a lineage can be reproduced, but a remote can carry a credential. roar redacts the userinfo while preserving the host and path so the remote is still identifiable:
    Recorded remotePublished as
    https://x-access-token:ghp_abc123@github.com/acme/models.githttps://x-access-token:[REDACTED]@github.com/acme/models.git
    user:s3cr3t@git.internal.example.com:acme/models.git (scp-style)[REDACTED]@git.internal.example.com:acme/models.git
    git@github.com:acme/models.git (no credential)unchanged

    A plain git@host:org/repo remote — the common SSH-key case, where git is the user and the key lives in your agent, not the URL — is left alone; only embedded credentials are stripped.
  • Explicit secret values. Any string you list is redacted wherever it appears in the payload, regardless of source.

Seeing it happen

When a registration would carry a secret, roar tells you before publishing and asks for confirmation:

$ roar register model.pkl
Detected 1 potential secret type(s) that will be redacted:
  - git_url_creds
Continue with registration? (secrets will be filtered) [y/N]:

Detection IDs (git_url_creds, git_url_scp_userinfo, an env-var name, …) name what was found so you can confirm the right thing is being scrubbed. Use --dry-run to inspect a registration without publishing, and -y to skip the prompt in automation.

Configuration

All settings live under registration.omit.* and are managed with roar config:

KeyDefaultPurpose
registration.omit.enabledtrueMaster switch for secret filtering.
registration.omit.env_vars.namesthe list aboveEnvironment-variable names whose values are redacted.
registration.omit.secrets.values(empty)Explicit secret values to always redact (comma-separated).
registration.omit.allowlist.patterns(empty)Patterns that should not be treated as secrets, to suppress false positives.
# Redact an extra project-specific token by name
roar config set registration.omit.env_vars.names \
  "WANDB_API_KEY,OPENAI_API_KEY,MY_INTERNAL_TOKEN"

# Always scrub a known literal value
roar config set registration.omit.secrets.values "sk-live-9f3c...,hunter2"

Publishing without attribution

Redaction removes secrets from a payload, but the payload is still attributed to your account. To publish a lineage with no attribution to you — a fully anonymous public record — use --anonymous on roar register or roar put. This is orthogonal to omit filtering: anonymous controls who the record is attributed to; omit controls what values it contains. See Scopes for visibility (private vs. public) and Authentication for how identity is established.

Omit filtering is a safety net, not a secrets manager. It redacts known names, known values, and credential-shaped URL userinfo. It will not catch a novel secret pasted into a command-line argument or written into a tracked output file. Keep secrets in environment variables or a secrets store, add project-specific names to env_vars.names, and review --dry-run output before publishing anything sensitive.