🔑 Add Secure Credential Storage (No Plaintext) #8

Open
opened 2025-10-10 09:10:36 +02:00 by jack · 0 comments
Owner

🎯 Security Issue

Problem

HTTP authentication credentials might be stored or logged in plaintext, creating security risks.

Proposed Solution

1. Secure Storage

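```typescript
import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';

class SecureStore {
  private key: Buffer;

  constructor() {
    // AES-256 needs a 32-byte key, i.e. 64 hex characters in ENCRYPTION_KEY
    this.key = Buffer.from(process.env.ENCRYPTION_KEY!, 'hex');
    if (this.key.length !== 32) {
      throw new Error('ENCRYPTION_KEY must be 32 bytes (64 hex characters)');
    }
  }

  encrypt(value: string): string {
    // createCipher() derives key and IV from a password and cannot be used
    // with GCM; use createCipheriv() with a fresh random 96-bit IV per message
    const iv = randomBytes(12);
    const cipher = createCipheriv('aes-256-gcm', this.key, iv);
    const ciphertext = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
    // Output layout: iv (12 bytes) || auth tag (16 bytes) || ciphertext, hex-encoded
    return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]).toString('hex');
  }

  decrypt(encrypted: string): string {
    const data = Buffer.from(encrypted, 'hex');
    const decipher = createDecipheriv('aes-256-gcm', this.key, data.subarray(0, 12));
    decipher.setAuthTag(data.subarray(12, 28));
    // final() throws if the tag does not verify (tampered data or wrong key)
    const plaintext = Buffer.concat([decipher.update(data.subarray(28)), decipher.final()]);
    return plaintext.toString('utf8');
  }
}
```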

2. Masked Logging

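```typescript
function maskSensitiveData(obj: any): any {
  // Shallow copy: only top-level keys are checked, nested objects are returned unmasked
  const masked = { ...obj };
  const sensitiveKeys = ['password', 'token', 'api_key', 'secret', 'authorization'];

  for (const key of Object.keys(masked)) {
    // Case-insensitive substring match on the key name
    if (sensitiveKeys.some(sk => key.toLowerCase().includes(sk))) {
      masked[key] = '***REDACTED***';
    }
  }
  return masked;
}
```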

3. Memory Cleanup

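```typescript
class SecureString {
  // Held as a Buffer: JS strings are immutable, so reassigning a string
  // field leaves the original characters on the heap until garbage collection
  private value: Buffer;

  constructor(val: string) {
    // The string passed in by the caller is outside this class's control
    this.value = Buffer.from(val, 'utf8');
  }

  use<T>(fn: (val: Buffer) => T): T {
    try {
      return fn(this.value);
    } finally {
      // Overwrite the bytes in place; the instance is single-use after this
      this.value.fill(0);
    }
  }
}
```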

Benefits

  • 🔐 Protected credentials
  • 🚫 No plaintext exposure
  • 📝 Safe logging
  • 🛡️ Compliance ready

🤖 Generated with Claude Code
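
Added example, not part of the original issue or the project's code: HTTP credentials usually sit in nested request data (`headers.Authorization`, userinfo in a URL) rather than in top-level keys, so this sketch extends the masking idea from step 2 to nested objects, arrays and embedded URLs. The names `redactDeep`, `maskUrlCredentials` and `sampleRequest` are hypothetical, and the sample request is constructed.

```typescript
// Added example; the key fragments are the issue's sensitiveKeys list.
const SENSITIVE_KEYS = ['password', 'token', 'api_key', 'secret', 'authorization'];
const REDACTED = '***REDACTED***';

// Replace userinfo in URLs embedded in strings, e.g. https://user:pass@host/path
function maskUrlCredentials(text: string): string {
  return text.replace(/\b([a-z][a-z0-9+.-]*:\/\/)[^\s\/@]+@/gi, `$1${REDACTED}@`);
}

// Returns a redacted deep copy; the input object is never modified.
function redactDeep(input: unknown, ancestors: WeakSet<object> = new WeakSet()): unknown {
  if (typeof input === 'string') return maskUrlCredentials(input);
  if (input === null || typeof input !== 'object') return input;
  if (ancestors.has(input)) return '[Circular]'; // do not recurse forever on cycles
  ancestors.add(input);
  let out: unknown;
  if (Array.isArray(input)) {
    out = input.map((item) => redactDeep(item, ancestors));
  } else {
    const copy: Record<string, unknown> = {};
    for (const [key, value] of Object.entries(input)) {
      const lower = key.toLowerCase();
      // A sensitive key hides its whole value, whatever its type
      copy[key] = SENSITIVE_KEYS.some((sk) => lower.includes(sk))
        ? REDACTED
        : redactDeep(value, ancestors);
    }
    out = copy;
  }
  ancestors.delete(input); // shared (non-cyclic) references are still copied
  return out;
}

// Constructed sample: a request object as it might be passed to a logger
const sampleRequest = {
  method: 'GET',
  url: 'https://svc-user:hunter2@api.example.test/v1/items',
  headers: { Authorization: 'Bearer abc.def.ghi', Accept: 'application/json' },
  retries: [{ proxyPassword: 'p@ss', attempt: 1 }],
};

function redactedSampleJson(): string {
  return JSON.stringify(redactDeep(sampleRequest));
}
```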

Reference
customable-mcp/http-mcp#8