Jeremie Fraeys 412d7b82e9 security: implement comprehensive secrets protection ... Critical fixes: - Add SanitizeConnectionString() in storage/db_connect.go to remove passwords - Add SecureEnvVar() in api/factory.go to clear env vars after reading (JWT_SECRET) - Clear DB password from config after connection Logging improvements: - Enhance logging/sanitize.go with patterns for: - PostgreSQL connection strings - Generic connection string passwords - HTTP Authorization headers - Private keys CLI security: - Add --security-audit flag to api-server for security checks: - Config file permissions - Exposed environment variables - Running as root - API key file permissions - Add warning when --api-key flag used (process list exposure) Files changed: - internal/storage/db_connect.go - internal/api/factory.go - internal/logging/sanitize.go - internal/auth/flags.go - cmd/api-server/main.go		2026-02-18 16:18:09 -05:00
..
dataset.go	refactor(dependency-hygiene): Fix Redis leak, simplify TUI wrapper, clean go.mod	2026-02-17 21:13:49 -05:00
db_connect.go	security: implement comprehensive secrets protection	2026-02-18 16:18:09 -05:00
db_experiments.go	refactor(storage,queue): split storage layer and add sqlite queue backend	2026-01-05 12:31:02 -05:00
db_jobs.go	refactor(storage,queue): split storage layer and add sqlite queue backend	2026-01-05 12:31:02 -05:00
db_metrics.go	feat: implement WebSocket handler improvements and metrics persistence	2026-02-18 14:36:05 -05:00
migrate.go	refactor(dependency-hygiene): Fix Redis leak, simplify TUI wrapper, clean go.mod	2026-02-17 21:13:49 -05:00
paths.go	refactor: Phase 3 - fix config/storage boundaries	2026-02-17 12:49:53 -05:00
schema_embed.go	refactor(storage,queue): split storage layer and add sqlite queue backend	2026-01-05 12:31:02 -05:00
schema_postgres.sql	refactor: update WebSocket handlers and database schemas	2026-02-18 14:36:30 -05:00
schema_sqlite.sql	refactor: update WebSocket handlers and database schemas	2026-02-18 14:36:30 -05:00