## What gets scrubbed, and when

`roar` captures a lot of context about a run — environment variables, the git remote it was cloned from, command arguments. Some of that can contain secrets: a `WANDB_API_KEY` in the environment, a token embedded in a git remote URL, a password on a command line. **Omit filtering** is the layer that removes those before a lineage leaves your machine.

> **Redaction happens at publish time, not capture time.** Your local `.roar/roar.db` records what actually ran. Omit filtering runs when you `roar register` or `roar put` — it scrubs the *outgoing* registration payload sent to GLaaS. Nothing is redacted from your local record, and nothing about the run itself changes.

This is distinct from [Filtering](/docs/filtering), which decides *which files* enter your lineage. Omit filtering decides *which values* are stripped from a lineage before it's shared.

## What it catches

`roar` redacts three classes of value from the registration payload:

- **Named environment variables.** Values of environment variables whose *names* match the configured list are replaced with a redaction marker. The default list covers common offenders:

  ```
  WANDB_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY,
  GITHUB_TOKEN, DATABASE_URL, AWS_SECRET_ACCESS_KEY
  ```

- **Credentials in git remote URLs.** `roar` records the git remote so a lineage can be reproduced, but a remote can carry a credential. `roar` redacts the userinfo while preserving the host and path so the remote is still identifiable:

  | Recorded remote | Published as |
  |---|---|
  | `https://x-access-token:ghp_abc123@github.com/acme/models.git` | `https://x-access-token:[REDACTED]@github.com/acme/models.git` |
  | `user:s3cr3t@git.internal.example.com:acme/models.git` (scp-style) | `[REDACTED]@git.internal.example.com:acme/models.git` |
  | `git@github.com:acme/models.git` (no credential) | *unchanged* |

  A plain `git@host:org/repo` remote — the common SSH-key case, where `git` is the user and the key lives in your agent, not the URL — is left alone; only embedded credentials are stripped.

- **Explicit secret values.** Any string you list is redacted wherever it appears in the payload, regardless of source.

## Seeing it happen

When a registration would carry a secret, `roar` tells you before publishing and asks for confirmation:

```
$ roar register model.pkl
Detected 1 potential secret type(s) that will be redacted:
  - git_url_creds
Continue with registration? (secrets will be filtered) [y/N]:
```

Detection IDs (`git_url_creds`, `git_url_scp_userinfo`, an env-var name, …) name what was found so you can confirm the right thing is being scrubbed. Use `--dry-run` to inspect a registration without publishing, and `-y` to skip the prompt in automation.

## Configuration

All settings live under `registration.omit.*` and are managed with `roar config`:

| Key | Default | Purpose |
|---|---|---|
| `registration.omit.enabled` | `true` | Master switch for secret filtering. |
| `registration.omit.env_vars.names` | the list above | Environment-variable **names** whose values are redacted. |
| `registration.omit.secrets.values` | *(empty)* | Explicit secret **values** to always redact (comma-separated). |
| `registration.omit.allowlist.patterns` | *(empty)* | Patterns that should **not** be treated as secrets, to suppress false positives. |

```bash
# Redact an extra project-specific token by name
roar config set registration.omit.env_vars.names \
  "WANDB_API_KEY,OPENAI_API_KEY,MY_INTERNAL_TOKEN"

# Always scrub a known literal value
roar config set registration.omit.secrets.values "sk-live-9f3c...,hunter2"
```

## Publishing without attribution

Redaction removes secrets from a payload, but the payload is still attributed to your account. To publish a lineage with **no** attribution to you — a fully anonymous public record — use `--anonymous` on `roar register` or `roar put`. This is orthogonal to omit filtering: anonymous controls *who the record is attributed to*; omit controls *what values it contains*. See [Scopes](/docs/scopes) for visibility (private vs. public) and [Authentication](/docs/authentication) for how identity is established.

> **Omit filtering is a safety net, not a secrets manager.** It redacts known names, known values, and credential-shaped URL userinfo. It will not catch a novel secret pasted into a command-line argument or written into a tracked output file. Keep secrets in environment variables or a secrets store, add project-specific names to `env_vars.names`, and review `--dry-run` output before publishing anything sensitive.
