Secret Redaction
What this page covers
This page explains the security boundary around Hermes secret redaction. Tool output is scanned for strings that look like tokens, API keys, and credentials before it enters conversation context or logs. Secret redaction is a separate control from command approval and from PII redaction.
Hermes changes quickly, so treat the official documentation as the source of truth and use the built-in CLI to inspect the local install before editing config by hand.
Fast path
```bash
# Normal operation: keep secret redaction on (restart the session afterwards,
# the value is snapshotted at import time).
hermes config set security.redact_secrets true

# Only for deliberate redactor debugging, then restart.
hermes config set security.redact_secrets false

# PII redaction for gateway messages is a separate setting.
hermes config set privacy.redact_pii true

# Approval mode controls dangerous-command prompts; it does not affect secret redaction.
hermes config set approvals.mode smart
hermes config set approvals.mode manual
```
Practical checklist
- Keep secret redaction enabled for normal use.
- Changing `security.redact_secrets` requires a fresh session/restart because it is snapshotted at import time.
- Use `.env`, OAuth flows, or credential managers for secrets; do not paste raw credentials into chat.
- PII redaction for gateway messages is a separate `privacy.redact_pii` setting.
- Approval modes (`manual`, `smart`, `off`) control dangerous command prompts and do not disable secret redaction.
Common pitfalls
- Turning off redaction just to make a task easier.
- Assuming `--yolo` or `approvals.mode off` exposes raw secrets; approval mode and secret redaction are independent toggles.
- Saving redacted-looking values back into config as if they were real credentials.
- Publishing logs/screenshots without checking for unredacted private data.
Verification checklist
- `hermes config` shows `security.redact_secrets: true` for normal operation.
- After any redaction toggle, a fresh session or gateway restart was used.
- Logs and generated docs do not contain raw API keys, bot tokens, or passwords.
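The last two checklist items can be scripted. The following is an added example, not part of Hermes or its documentation: `check_redaction_enabled` and `scan_for_secrets` are hypothetical helpers, the token regexes are assumptions based on widely published key formats rather than Hermes's own redaction rules, and the `key: value` line format of `hermes config` output is assumed as well.

```shell
#!/bin/sh
# Added example (not Hermes code): two verification checks from the list above.
# Assumptions: `hermes config` prints one `key: value` per line, and the
# regexes below are generic public token shapes, not Hermes's redactor rules.

# Usage: hermes config | check_redaction_enabled
check_redaction_enabled() {
    grep -qE '^[[:space:]]*security\.redact_secrets:[[:space:]]*true[[:space:]]*$'
}

# Usage: scan_for_secrets FILE  -> prints offending lines, returns 1 if any
scan_for_secrets() {
    file="$1"
    hits=$( {
        # Well-known prefixes: AWS access key id, GitHub PAT, OpenAI, Slack.
        grep -nE 'AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|sk-[A-Za-z0-9]{20,}|xox[baprs]-[A-Za-z0-9-]{10,}' "$file" || true
        # Generic key=value assignments whose value starts alphanumeric
        # (a redaction marker such as [REDACTED] does not, so it is skipped).
        grep -niE '(api[_-]?key|secret|token|password)[[:space:]]*[=:][[:space:]]*[A-Za-z0-9][^[:space:]]{7,}' "$file" || true
    } | sort -t : -k 1,1n -u )
    [ -z "$hits" ] && return 0
    printf 'unredacted credential-shaped strings:\n%s\n' "$hits"
    return 1
}

# Constructed sample logs; the AWS key id is the public AWS documentation example.
LEAKY_LOG=$(mktemp)
cat > "$LEAKY_LOG" <<'EOF'
[tool:terminal] build finished in 12s
[tool:terminal] AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
[tool:terminal] db password=hunter2hunter2
EOF

CLEAN_LOG=$(mktemp)
cat > "$CLEAN_LOG" <<'EOF'
[tool:terminal] build finished in 12s
[tool:terminal] AWS_ACCESS_KEY_ID=[REDACTED]
[tool:terminal] db password=[REDACTED]
EOF

scan_for_secrets "$LEAKY_LOG" || echo "leaky log: do not publish"
scan_for_secrets "$CLEAN_LOG" && echo "clean log: safe to publish"
```

Run the scan over any log or screenshot transcript before it leaves the machine; a non-zero exit means something still needs redacting.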
Official reference
https://hermes-agent.nousresearch.com/docs/user-guide/configuration/
