Security: Fix network exposure and add secret redaction#1
Merged
Conversation
## Changes ### Network Security (HIGH priority) - Bind langfuse-web to 127.0.0.1:3050 instead of 0.0.0.0:3050 - Bind minio S3 API to 127.0.0.1:9090 instead of 0.0.0.0:9090 - Apply same fixes to docker-compose.test.yml This prevents services from being accessible to other machines on the network. Previously, anyone on the same WiFi/LAN could access your Langfuse dashboard and all captured traces. ### Credential Loading (MEDIUM priority) - Replace `source .env` with grep-based extraction in install-hook.sh - Prevents potential shell injection if .env contains malicious code ### Secret Redaction (NEW feature) - Add automatic redaction of common secret patterns before sending to Langfuse - Patterns: OpenAI/Anthropic keys, Bearer tokens, passwords, API keys - Enabled by default, disable with CC_LANGFUSE_REDACT=false - Recursive sanitization for nested dicts/lists in tool inputs/outputs ### Log Rotation (NEW feature) - Add log rotation when langfuse_hook.log exceeds 10MB - Keep 3 backup files (.log.1, .log.2, .log.3) - Prevents unbounded disk usage Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR addresses security vulnerabilities identified during a security audit:
🔴 Critical: Network Exposure (Fixed)
0.0.0.0:3050- accessible from any network0.0.0.0:9090- accessible from any networkImpact: Anyone on the same WiFi/LAN could access your Langfuse dashboard and all captured Claude Code conversations, including code, prompts, and potentially secrets.
Fix: Both services now bind to
127.0.0.1(localhost only).🟡 Medium: Shell Injection in install-hook.sh (Fixed)
source .envwhich would execute any shell code in the .env filegrep-based extraction🟢 New: Automatic Secret Redaction
Before sending traces to Langfuse, the hook now automatically redacts:
sk-...)sk-lf-...)This is enabled by default. Disable with
CC_LANGFUSE_REDACT=falseif needed.🟢 New: Log Rotation
Test Plan
Files Changed
docker-compose.yml- Localhost binding for langfuse-web, miniodocker-compose.test.yml- Same fixes for test confighooks/langfuse_hook.py- Secret redaction + log rotationscripts/install-hook.sh- Safe .env parsing🤖 Generated with Claude Code