Secret Redaction
On this page
What gets scrubbed, and when
roar captures a lot of context about a run — environment variables, the git remote it was cloned from, command arguments. Some of that can contain secrets: a WANDB_API_KEY in the environment, a token embedded in a git remote URL, a password on a command line. Omit filtering is the layer that removes those before a lineage leaves your machine.
Redaction happens at publish time, not capture time. Your local
.roar/roar.dbrecords what actually ran. Omit filtering runs when youroar registerorroar put— it scrubs the outgoing registration payload sent to GLaaS. Nothing is redacted from your local record, and nothing about the run itself changes.
This is distinct from Filtering, which decides which files enter your lineage. Omit filtering decides which values are stripped from a lineage before it's shared.
What it catches
roar redacts three classes of value from the registration payload:
- Named environment variables. Values of environment variables whose names match the configured list are replaced with a redaction marker. The default list covers common offenders:
WANDB_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY, GITHUB_TOKEN, DATABASE_URL, AWS_SECRET_ACCESS_KEY - Credentials in git remote URLs.
roarrecords the git remote so a lineage can be reproduced, but a remote can carry a credential.roarredacts the userinfo while preserving the host and path so the remote is still identifiable:Recorded remote Published as https://x-access-token:ghp_abc123@github.com/acme/models.githttps://x-access-token:[REDACTED]@github.com/acme/models.gituser:s3cr3t@git.internal.example.com:acme/models.git(scp-style)[REDACTED]@git.internal.example.com:acme/models.gitgit@github.com:acme/models.git(no credential)unchanged
A plaingit@host:org/reporemote — the common SSH-key case, wheregitis the user and the key lives in your agent, not the URL — is left alone; only embedded credentials are stripped. - Explicit secret values. Any string you list is redacted wherever it appears in the payload, regardless of source.
Seeing it happen
When a registration would carry a secret, roar tells you before publishing and asks for confirmation:
$ roar register model.pkl
Detected 1 potential secret type(s) that will be redacted:
- git_url_creds
Continue with registration? (secrets will be filtered) [y/N]:
Detection IDs (git_url_creds, git_url_scp_userinfo, an env-var name, …) name what was found so you can confirm the right thing is being scrubbed. Use --dry-run to inspect a registration without publishing, and -y to skip the prompt in automation.
Configuration
All settings live under registration.omit.* and are managed with roar config:
| Key | Default | Purpose |
|---|---|---|
registration.omit.enabled | true | Master switch for secret filtering. |
registration.omit.env_vars.names | the list above | Environment-variable names whose values are redacted. |
registration.omit.secrets.values | (empty) | Explicit secret values to always redact (comma-separated). |
registration.omit.allowlist.patterns | (empty) | Patterns that should not be treated as secrets, to suppress false positives. |
# Redact an extra project-specific token by name
roar config set registration.omit.env_vars.names \
"WANDB_API_KEY,OPENAI_API_KEY,MY_INTERNAL_TOKEN"
# Always scrub a known literal value
roar config set registration.omit.secrets.values "sk-live-9f3c...,hunter2"
Publishing without attribution
Redaction removes secrets from a payload, but the payload is still attributed to your account. To publish a lineage with no attribution to you — a fully anonymous public record — use --anonymous on roar register or roar put. This is orthogonal to omit filtering: anonymous controls who the record is attributed to; omit controls what values it contains. See Scopes for visibility (private vs. public) and Authentication for how identity is established.
Omit filtering is a safety net, not a secrets manager. It redacts known names, known values, and credential-shaped URL userinfo. It will not catch a novel secret pasted into a command-line argument or written into a tracked output file. Keep secrets in environment variables or a secrets store, add project-specific names to
env_vars.names, and review--dry-runoutput before publishing anything sensitive.