diff --git a/.helm-repositories.yaml b/.helm-repositories.yaml
index 4f875a2b..165c72a1 100644
--- a/.helm-repositories.yaml
+++ b/.helm-repositories.yaml
@@ -7,24 +7,18 @@ repositories:
keyFile: ''
name: bitnami
pass_credentials_all: false
- password: ''
url: https://charts.bitnami.com/bitnami
- username: ''
- caFile: ''
certFile: ''
insecure_skip_tls_verify: false
keyFile: ''
name: chainlink-qa
pass_credentials_all: false
- password: ''
url: https://raw.githubusercontent.com/smartcontractkit/qa-charts/gh-pages/
- username: ''
- caFile: ''
certFile: ''
insecure_skip_tls_verify: false
keyFile: ''
name: grafana
pass_credentials_all: false
- password: ''
url: https://grafana.github.io/helm-charts
- username: ''
diff --git a/ops/localenv/main.go b/ops/localenv/main.go
index e1ed097d..78c9df78 100644
--- a/ops/localenv/main.go
+++ b/ops/localenv/main.go
@@ -66,6 +66,14 @@ func main() {
}
}
+// sanitizeForOutput escapes newlines/carriage returns to prevent log injection (CWE-117).
+func sanitizeForOutput(s string) string {
+ s = strings.ReplaceAll(s, "\\", "\\\\")
+ s = strings.ReplaceAll(s, "\r", "\\r")
+ s = strings.ReplaceAll(s, "\n", "\\n")
+ return s
+}
+
func setEnvIfNotExists(key, defaultValue string) {
value := os.Getenv(key)
if value == "" {
@@ -98,7 +106,7 @@ func run(name string, f string, args ...string) {
wg.Done()
break
}
- fmt.Print(string(p[:n]))
+ fmt.Print(sanitizeForOutput(string(p[:n])))
}
}()
go func() {
@@ -109,7 +117,7 @@ func run(name string, f string, args ...string) {
wg.Done()
break
}
- fmt.Print(string(p[:n]))
+ fmt.Print(sanitizeForOutput(string(p[:n])))
}
}()
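Review bot: Escaping `\n` in sanitizeForOutput, which the two `run` hunks apply to every read chunk, flattens all streamed subprocess output into a single line of literal `\n` while other C0 control bytes (ESC 0x1b, BS, ...) still pass through to the terminal untouched, so the change costs readability without closing the usual terminal/log-forging path. Because `p[:n]` is an arbitrary read chunk, the replacement has to stay byte-oriented: a rune-based `strings.Map` would rewrite a UTF-8 sequence split across two reads as U+FFFD, whereas the original single-byte `ReplaceAll` calls happen to be chunk-safe. I would keep `\n` and `\t`, replace every other control byte with a visible placeholder so tampering attempts remain detectable in the log, and say in the doc comment that the function is applied per read chunk rather than per line. If `strings` is not yet imported in main.go, the import block (outside this hunk) needs it as well.
```go
// sanitizeForOutput neutralises control bytes in streamed child-process output so
// they cannot forge or overwrite log lines (CWE-117). It is called on raw read
// chunks, not whole lines, so it works byte-wise and leaves multi-byte UTF-8 alone.
func sanitizeForOutput(s string) string {
	var b strings.Builder
	b.Grow(len(s))
	for i := 0; i < len(s); i++ {
		c := s[i]
		// Keep '\n' and '\t' so output stays line-structured; every other C0
		// control byte (ESC, BS, CR, ...) and DEL becomes a visible placeholder.
		if c == '\n' || c == '\t' || (c >= 0x20 && c != 0x7f) {
			b.WriteByte(c)
		} else {
			b.WriteByte('?')
		}
	}
	return b.String()
}
```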