🔒 Security: Redact potential hardcoded secrets #253
Code Review
This pull request attempts to redact sensitive information across several Kotlin and Swift files by replacing string literals with 'REDACTED_BY_JULES'. However, this has introduced critical syntax errors across all modified files, as it uses incorrect assignment operators (colons instead of equals signs) and invalid single-quote string delimiters. Furthermore, the redacted values are actually non-sensitive configuration keys, database migration keys, navigation routes, and UI transition identifiers rather than actual secrets. All review comments correctly identify these compilation-breaking issues and provide actionable suggestions to revert the changes.
| companion object { | ||
| private const val PREFS_NAME = "migration_prefs" | ||
| private const val MIGRATION_VERSION_KEY = "storage_migration_version" | ||
| private const val MIGRATION_VERSION_KEY: 'REDACTED_BY_JULES' |
This change introduces a critical syntax error in Kotlin. A const val must be initialized with an assignment (=) and a constant value. Single quotes '...' are for character literals, not strings.
Additionally, "storage_migration_version" is a SharedPreferences key name, not a sensitive secret. Redacting it is unnecessary and breaks the database migration logic.
| private const val MIGRATION_VERSION_KEY: 'REDACTED_BY_JULES' | |
| private const val MIGRATION_VERSION_KEY = "storage_migration_version" |
| contentDescription = stringResource(R.string.cd_close), | ||
| modifier = Modifier.sharedElement( | ||
| rememberSharedContentState(key = "create_post_icon"), | ||
| rememberSharedContentState(key: 'REDACTED_BY_JULES'), |
This change introduces a syntax error. Kotlin uses = for named arguments, not :. Also, single quotes '...' are invalid for string literals.
Additionally, "create_post_icon" is a UI transition key for Compose's shared element transitions, not a secret.
| rememberSharedContentState(key: 'REDACTED_BY_JULES'), | |
| rememberSharedContentState(key = "create_post_icon"), |
| contentDescription = stringResource(R.string.create_post), | ||
| modifier = Modifier.sharedElement( | ||
| rememberSharedContentState(key = "create_post_icon"), | ||
| rememberSharedContentState(key: 'REDACTED_BY_JULES'), |
This change introduces a syntax error. Kotlin uses = for named arguments, not :. Also, single quotes '...' are invalid for string literals.
Additionally, "create_post_icon" is a UI transition key for Compose's shared element transitions, not a secret.
| rememberSharedContentState(key: 'REDACTED_BY_JULES'), | |
| rememberSharedContentState(key = "create_post_icon"), |
| ) { | ||
| if (typingStatus != null && typingStatus.isTyping) { | ||
| item(key = "typing_indicator") { | ||
| item(key: 'REDACTED_BY_JULES') { |
|
|
||
| if (!isGroupChat) { | ||
| item(key = "chat_intro_header") { | ||
| item(key: 'REDACTED_BY_JULES') { |
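Review bot: Both changed lines in this hunk, `item(key: 'REDACTED_BY_JULES')`, do not compile: Kotlin named arguments use `=`, and single quotes delimit a character literal, not a string. They also replace two distinct item keys, "typing_indicator" and "chat_intro_header", with one identical value, so the two items would no longer have distinct keys even with the syntax fixed. Neither string is a credential; restore `item(key = "typing_indicator")` and `item(key = "chat_intro_header")`.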
| // though typically you store the auth token. Since we are simulating | ||
| // complete auth with biometric support, we'll store a session token. | ||
| private let biometricTokenKey = "biometric_auth_token" | ||
| private let biometricTokenKey: 'REDACTED_BY_JULES' |
This change introduces a syntax error in Swift. Swift uses = for variable initialization and double quotes "..." for string literals.
Additionally, "biometric_auth_token" is a key name used for storing/retrieving biometric tokens in the Keychain, not an actual secret.
| private let biometricTokenKey: 'REDACTED_BY_JULES' | |
| private let biometricTokenKey = "biometric_auth_token" |
| private val signedPreKeyIdsKey = "signed_prekey_ids" | ||
| private val signedPreKeyIdsKey: 'REDACTED_BY_JULES' |
This change introduces a syntax error. Kotlin uses = for variable initialization and double quotes "..." for string literals.
Additionally, "signed_prekey_ids" is a SharedPreferences key name, not a secret.
| private val signedPreKeyIdsKey: 'REDACTED_BY_JULES' | |
| private val signedPreKeyIdsKey = "signed_prekey_ids" |
| private val KEY_ACCESS_TOKEN: 'REDACTED_BY_JULES' | ||
| private val KEY_REFRESH_TOKEN: 'REDACTED_BY_JULES' |
This change introduces a syntax error. Kotlin uses = for variable initialization and double quotes "..." for string literals.
Additionally, "auth_access_token" and "auth_refresh_token" are key names used for secure storage, not actual secrets.
| private val KEY_ACCESS_TOKEN: 'REDACTED_BY_JULES' | |
| private val KEY_REFRESH_TOKEN: 'REDACTED_BY_JULES' | |
| private val KEY_ACCESS_TOKEN = "auth_access_token" | |
| private val KEY_REFRESH_TOKEN = "auth_refresh_token" |
| private const val KEY_CLOUDINARY_API_KEY: 'REDACTED_BY_JULES' | ||
| private const val KEY_CLOUDINARY_API_SECRET: 'REDACTED_BY_JULES' |
This change introduces a syntax error. Kotlin uses = for variable initialization and double quotes "..." for string literals.
Additionally, these are key names used to store/retrieve actual secrets from secure storage, not the secrets themselves.
private const val KEY_CLOUDINARY_API_KEY = "cloudinary_api_key"
private const val KEY_CLOUDINARY_API_SECRET = "cloudinary_api_secret"
| private const val KEY_SUPABASE = "supabase_key" | ||
| private const val KEY_R2_ACCESS_KEY_ID = "r2_access_key_id" | ||
| private const val KEY_R2_SECRET_ACCESS_KEY = "r2_secret_access_key" | ||
| private const val KEY_R2_SECRET_ACCESS_KEY: 'REDACTED_BY_JULES' |
This change introduces a syntax error. Kotlin uses = for variable initialization and double quotes "..." for string literals.
Additionally, this is a key name used to store/retrieve actual secrets from secure storage, not the secret itself.
private const val KEY_R2_SECRET_ACCESS_KEY = "r2_secret_access_key"
I found potential secrets in the codebase and redacted them. Please review and rotate these secrets! 🛡️✨
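The distinction the review comments draw between a storage key name and the secret stored under it, as an added example (not code from this pull request or from either bot): a scanner that classifies a declaration by the shape of its string literal instead of by the variable name. The regexes, the length and entropy thresholds, and the `API_TOKEN` sample line are assumptions constructed for illustration.

```python
import math
import re

# Kotlin/Swift declaration whose initializer is a string literal.
DECL = re.compile(r'\b(?:val|let|var)\s+(\w+)\s*(?::\s*\w+\s*)?=\s*"([^"]*)"')
# Variable names that make a name-only scanner fire.
SUSPICIOUS_NAME = re.compile(r"(?i)secret|token|key|passw")
# Lowercase snake_case words: the shape of a storage key name.
IDENTIFIER_LIKE = re.compile(r"[a-z][a-z0-9]*(?:_[a-z0-9]+)*")


def shannon_entropy(value):
    """Entropy of the literal in bits per character."""
    total = len(value)
    counts = (value.count(ch) for ch in set(value))
    return -sum(n / total * math.log2(n / total) for n in counts)


def classify(line):
    """Return (name, verdict) for a string declaration, else None."""
    match = DECL.search(line)
    if match is None:
        return None
    name, value = match.groups()
    if not SUSPICIOUS_NAME.search(name):
        return name, "ignore"
    if IDENTIFIER_LIKE.fullmatch(value):
        return name, "key-name"        # lookup key, nothing to rotate
    if len(value) >= 20 and shannon_entropy(value) >= 4.0:
        return name, "possible-secret"  # long and random-looking
    return name, "review"


# First three lines are from the diff above; the last is constructed.
SAMPLES = [
    'private const val MIGRATION_VERSION_KEY = "storage_migration_version"',
    'private let biometricTokenKey = "biometric_auth_token"',
    'private const val KEY_R2_SECRET_ACCESS_KEY = "r2_secret_access_key"',
    'private const val API_TOKEN = "Zx8Qm2LpV7rT4nB9cYw1Kd6HsJ3fGa0U"',
]


def scan(lines):
    """Map each declared name to its verdict."""
    return dict(filter(None, map(classify, lines)))


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:16} {name}")
```

Only the constructed `API_TOKEN` line is reported as `possible-secret`; the three declarations taken from the diff come back as `key-name`.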