Skip to content

forest6511/secretctl

v0.5.0 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 5mo Secrets & Credentials
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 3 known CVEs

Topics

aes-256 ai-agents claude-code cli credential-management developer-tools
+10 more
devtools dotenv encryption environment-variables go local-first mcp password-manager secrets-management security

Affected surfaces

auth rbac crypto_tls

Summary

AI summary

Prevent MCP policy bypass via PATH manipulation and securely wipe sensitive keys from memory.

Full changelog

What's Changed

  • feat(phase1): implement run command for secret injection by @forest6511 in https://github.com/forest6511/secretctl/pull/5
  • feat(phase1): implement export command for .env/JSON output by @forest6511 in https://github.com/forest6511/secretctl/pull/6
  • feat(phase1): implement generate command for password generation by @forest6511 in https://github.com/forest6511/secretctl/pull/7
  • feat(phase1): implement audit export and prune commands by @forest6511 in https://github.com/forest6511/secretctl/pull/8
  • docs: update README and CHANGELOG for Phase 1 completion by @forest6511 in https://github.com/forest6511/secretctl/pull/9
  • feat(phase2a): implement MCP server with Option D+ compliance by @forest6511 in https://github.com/forest6511/secretctl/pull/11
  • feat(desktop): implement Phase 2b desktop app with Wails v2 by @forest6511 in https://github.com/forest6511/secretctl/pull/14
  • feat(e2e): Add Playwright E2E test framework for Desktop App by @forest6511 in https://github.com/forest6511/secretctl/pull/16
  • docs: update README and CHANGELOG for Phase 2 completion by @forest6511 in https://github.com/forest6511/secretctl/pull/17
  • test(e2e): enable Secret CRUD E2E tests and fix strict mode issues by @forest6511 in https://github.com/forest6511/secretctl/pull/19
  • docs: update README and CHANGELOG for Desktop App CRUD features by @forest6511 in https://github.com/forest6511/secretctl/pull/21
  • chore: update version numbers to 0.4.1 by @forest6511 in https://github.com/forest6511/secretctl/pull/23
  • feat(desktop): add audit log viewer with filtering and export by @forest6511 in https://github.com/forest6511/secretctl/pull/25
  • docs: Phase 2b completion - Audit Log Viewer v0.5.0 by @forest6511 in https://github.com/forest6511/secretctl/pull/26
  • feat(test): add Audit Log E2E tests and CI improvements by @forest6511 in https://github.com/forest6511/secretctl/pull/27
  • test(crypto): add comprehensive unit tests for crypto package by @forest6511 in https://github.com/forest6511/secretctl/pull/28
  • ci(e2e): add Playwright E2E test workflow for GitHub Actions by @forest6511 in https://github.com/forest6511/secretctl/pull/29
  • [M5] MCP MVP完了: ドキュメント整備 by @forest6511 in https://github.com/forest6511/secretctl/pull/40
  • feat(mcp): implement environment alias feature for secret_run by @forest6511 in https://github.com/forest6511/secretctl/pull/42
  • feat(desktop): enhance Secret CRUD with keyboard shortcuts and toasts by @forest6511 in https://github.com/forest6511/secretctl/pull/46
  • feat(docs): add Docusaurus documentation site for Phase 2c by @forest6511 in https://github.com/forest6511/secretctl/pull/47
  • docs: migrate MCP server docs to website by @forest6511 in https://github.com/forest6511/secretctl/pull/48
  • docs: update README and CONTRIBUTING with documentation site links by @forest6511 in https://github.com/forest6511/secretctl/pull/49
  • docs: add comprehensive Reference documentation by @forest6511 in https://github.com/forest6511/secretctl/pull/50
  • docs: Complete CLI Guide documentation by @forest6511 in https://github.com/forest6511/secretctl/pull/51
  • docs: Complete Desktop Guide documentation by @forest6511 in https://github.com/forest6511/secretctl/pull/52
  • docs: Complete Use Cases documentation by @forest6511 in https://github.com/forest6511/secretctl/pull/53
  • docs: Complete Security documentation (Phase 3) by @forest6511 in https://github.com/forest6511/secretctl/pull/54
  • fix(vault): use HMAC-SHA256 for key name hashing (#62) by @forest6511 in https://github.com/forest6511/secretctl/pull/71
  • fix(security): prevent MCP policy bypass via PATH manipulation by @forest6511 in https://github.com/forest6511/secretctl/pull/68
  • fix(mcp): enhance secret redaction to prevent leakage via encoding by @forest6511 in https://github.com/forest6511/secretctl/pull/69
  • fix(vault): avoid decrypting secret values in list operations (#61) by @forest6511 in https://github.com/forest6511/secretctl/pull/70
  • fix(vault): eliminate race condition in database file creation (#63) by @forest6511 in https://github.com/forest6511/secretctl/pull/72
  • fix(vault): securely wipe sensitive keys from memory (#64) by @forest6511 in https://github.com/forest6511/secretctl/pull/73
  • feat(mcp): add audit logging for all MCP operations (#65) by @forest6511 in https://github.com/forest6511/secretctl/pull/74
  • fix(desktop): clear clipboard when vault is locked (#66) by @forest6511 in https://github.com/forest6511/secretctl/pull/75
  • feat(ci): add test coverage reporting with Codecov by @forest6511 in https://github.com/forest6511/secretctl/pull/77
  • feat(lint): add security-focused linters and comprehensive gosec rules by @forest6511 in https://github.com/forest6511/secretctl/pull/78
  • feat(crypto): add benchmark tests for crypto package by @forest6511 in https://github.com/forest6511/secretctl/pull/79
  • docs: standardize GoDoc documentation comments by @forest6511 in https://github.com/forest6511/secretctl/pull/80
  • docs(website): add FAQ content and update desktop installation by @forest6511 in https://github.com/forest6511/secretctl/pull/81
  • build: add release workflow for v0.5.0 GA by @forest6511 in https://github.com/forest6511/secretctl/pull/84
  • ci: add documentation drift detection workflow by @forest6511 in https://github.com/forest6511/secretctl/pull/85
  • fix(crypto): add nosec directive for false positive G407 by @forest6511 in https://github.com/forest6511/secretctl/pull/86
  • fix(ci): exclude desktop from gosec scan in release workflow by @forest6511 in https://github.com/forest6511/secretctl/pull/87
  • fix(ci): correct MCP path in Option D+ checks by @forest6511 in https://github.com/forest6511/secretctl/pull/88
  • fix: add cross-platform support for Windows builds by @forest6511 in https://github.com/forest6511/secretctl/pull/89
  • fix(ci): handle macOS app bundle in release checksums by @forest6511 in https://github.com/forest6511/secretctl/pull/90

New Contributors

  • @forest6511 made their first contribution in https://github.com/forest6511/secretctl/pull/5

Full Changelog: https://github.com/forest6511/secretctl/commits/v0.5.0

Security Fixes

  • fix(security): prevent MCP policy bypass via PATH manipulation
  • fix(vault): securely wipe sensitive keys from memory (#64)
  • fix(mcp): enhance secret redaction to prevent leakage via encoding
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track forest6511/secretctl

Get notified when new releases ship.

Sign up free

About forest6511/secretctl

AI-safe secrets manager with MCP integration. Run commands with credentials injected as environment variables - AI agents never see plaintext secrets. Features output sanitization, AES-256-GCM encryption, and Argon2id key derivation.

All releases →

Related context

Beta — feedback welcome: [email protected]