Reduce custom secret minimum length threshold from 8 to 6 characters #15231

Merged: pelikhan merged 2 commits into main from copilot/reduce-secrets-length, Feb 12, 2026
Copilot AI commented Feb 12, 2026

Lowered the minimum length threshold for custom secrets from 8 to 6 characters in redact_secrets.cjs. Well-known secrets (GitHub tokens, API keys, etc.) remain pattern-matched via regex and are unaffected by this threshold.

Changes

  • redact_secrets.cjs: Changed minimum length check from < 8 to < 6 for custom secrets
  • redact_secrets.test.cjs:
    • Updated "skip very short values" test to verify 5-character secrets are ignored
    • Added test case confirming 6-character secrets are now redacted

Context

Custom secrets are loaded from environment variables and checked against a length threshold before redaction. The BUILT_IN_PATTERNS array (16 well-known credential formats) operates independently via regex matching:

// Custom secrets: now 6+ chars required
if (!secretValue || secretValue.length < 6) {
  continue;
}

// Well-known patterns: length-independent
const BUILT_IN_PATTERNS = [
  { name: "GitHub Personal Access Token", pattern: /ghp_[0-9a-zA-Z]{36}/g },
  { name: "OpenAI API Key", pattern: /sk-[a-zA-Z0-9]{48}/g },
  // ... 14 more patterns
];

This allows shorter legitimate secrets (e.g., 6-7 character API keys) to be redacted while avoiding false positives from 1-5 character strings.
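
The threshold behaviour described under Context, as an added example that is not the project's redact_secrets.cjs. `redactText`, `MASK`, the longest-first ordering and the sample log line and secrets are assumptions constructed here; only the two built-in patterns and the 8 and 6 thresholds come from the PR description.

```javascript
// Added example; names are hypothetical, not from redact_secrets.cjs.
const MASK = "***REDACTED***"; // assumed mask format

// The two built-in patterns quoted in the PR description.
const BUILT_IN_PATTERNS = [
  { name: "GitHub Personal Access Token", pattern: /ghp_[0-9a-zA-Z]{36}/g },
  { name: "OpenAI API Key", pattern: /sk-[a-zA-Z0-9]{48}/g },
];

function redactText(text, customSecrets, minLength = 6) {
  const counts = { builtIn: 0, custom: 0, skipped: [] };
  let out = text;
  // Built-in patterns run regardless of the custom-secret length threshold.
  for (const { pattern } of BUILT_IN_PATTERNS) {
    counts.builtIn += (out.match(pattern) || []).length;
    out = out.replace(pattern, MASK);
  }
  // Custom secrets: skip empty or too-short values, record which were skipped.
  const eligible = [];
  for (const [name, value] of Object.entries(customSecrets)) {
    if (!value || value.length < minLength) {
      counts.skipped.push(name);
      continue;
    }
    eligible.push(value);
  }

  // Longest first (an assumption of this example), so a secret that contains
  // a shorter secret is masked whole instead of leaving its tail in the log.
  eligible.sort((a, b) => b.length - a.length);
  for (const value of eligible) {
    const parts = out.split(value); // literal match, no regex escaping needed
    counts.custom += parts.length - 1;
    out = parts.join(MASK);
  }
  return { text: out, counts };
}

// Constructed sample input (not real credentials).
const SAMPLE_LOG =
  "auth ghp_" + "A1b2".repeat(9) + " pin=ab12c key=k3y9Zq backup=k3y9ZqXX";
const SAMPLE_SECRETS = { PIN: "ab12c", SHORT_KEY: "k3y9Zq", LONG_KEY: "k3y9ZqXX" };

function compareThresholds() {
  return {
    before: redactText(SAMPLE_LOG, SAMPLE_SECRETS, 8), // old threshold
    after: redactText(SAMPLE_LOG, SAMPLE_SECRETS, 6), // threshold after this PR
  };
}
```

With the threshold at 8 the 6-character value stays in the output as `key=k3y9Zq`; at 6 it is masked, while the 5-character value is skipped in both runs.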



Copilot stopped work on behalf of pelikhan due to an error February 12, 2026 20:01
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update minimum length of secrets to six characters" to "Reduce custom secret minimum length threshold from 8 to 6 characters" Feb 12, 2026
Copilot AI requested a review from pelikhan February 12, 2026 20:15
pelikhan marked this pull request as ready for review February 12, 2026 20:16
Copilot AI review requested due to automatic review settings February 12, 2026 20:16
Copilot AI left a comment

Pull request overview

This PR reduces the minimum length threshold for custom secret redaction from 8 to 6 characters in redact_secrets.cjs, allowing shorter legitimate secrets (such as 6-7 character API keys) to be redacted while still avoiding false positives from very short strings. Well-known credential patterns (GitHub tokens, API keys, etc.) continue to use regex-based detection independent of this threshold.

Changes:

  • Lowered custom secret minimum length from 8 to 6 characters in the redaction logic
  • Updated test suite to verify the new boundary: 5-character secrets are skipped, 6-character secrets are redacted

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| actions/setup/js/redact_secrets.cjs | Changed minimum length check from < 8 to < 6 for custom secrets at line 117 |
| actions/setup/js/redact_secrets.test.cjs | Updated "skip very short values" test to use 5-character secret and added new test case confirming 6-character secrets are now redacted |

pelikhan merged commit bdaa77e into main Feb 12, 2026
159 checks passed
pelikhan deleted the copilot/reduce-secrets-length branch February 12, 2026 20:28