onyx-tasks

History

Tristan Michael 0c4073c998 security: harden credential management in onyx-core - Enforce HTTPS for WebDAV URLs (reject http:// to prevent plaintext credentials) - Replace String with Zeroizing<String> for credential fields and load_credentials return - Remove manual Drop impl (Zeroizing handles zeroize-on-drop automatically) - Scope keyring password entries by domain+username to prevent collisions - Add migration fallback for legacy unscoped keyring entries - Sanitize error messages to not leak keyring service patterns or env var names - Add log warnings when falling back to env var credentials - Add log dependency to onyx-core Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-03 10:11:40 -07:00
..
src	security: harden credential management in onyx-core	2026-04-03 10:11:40 -07:00
Cargo.toml	security: harden credential management in onyx-core	2026-04-03 10:11:40 -07:00

Tristan Michael 0c4073c998 security: harden credential management in onyx-core

- Enforce HTTPS for WebDAV URLs (reject http:// to prevent plaintext credentials)
- Replace String with Zeroizing<String> for credential fields and load_credentials return
- Remove manual Drop impl (Zeroizing handles zeroize-on-drop automatically)
- Scope keyring password entries by domain+username to prevent collisions
- Add migration fallback for legacy unscoped keyring entries
- Sanitize error messages to not leak keyring service patterns or env var names
- Add log warnings when falling back to env var credentials
- Add log dependency to onyx-core

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-03 10:11:40 -07:00

src

security: harden credential management in onyx-core

2026-04-03 10:11:40 -07:00

Cargo.toml

security: harden credential management in onyx-core

2026-04-03 10:11:40 -07:00