Redact private key material in errors

[cybele-ripple]

High Level Overview of Change

Private keys now appear as [redacted] in error messages

Context of Change

When key validation failed, keyError() interpolated the full hex key into the thrown Error.message. For private keys this propagated the secret to application logs, error-tracking services, and HTTP responses that echo error messages.

Replace the key with "[redacted]" when type === 'private'. Public keys are still rendered since they are not sensitive. Add a test asserting the private-key hex is absent from the error message and a regression test pinning the redaction contract.

Type of Change

• [ x] Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (non-breaking change that only restructures code)
• Tests (You added tests for code that already exists, or your new feature included in this PR)
• Documentation Updates
• Release

Did you update HISTORY.md?

• Yes
• No, this change does not impact library users

Test Plan

Added tests to demonstrate security fix

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 61faa892-1922-4fa8-8720-ee90d297813e

📥 Commits

Reviewing files that changed from the base of the PR and between 873370f and 1995551.

📒 Files selected for processing (1)

• packages/ripple-keypairs/test/getAlgorithmFromKey.test.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/ripple-keypairs/test/getAlgorithmFromKey.test.ts

---

Walkthrough

The PR redacts private key material in invalid_key error messages emitted by getAlgorithmFromKey: when type === 'private' the error shows Key: [redacted]; public-key errors still include the provided key. Tests were updated/added to assert redaction and preserve public-key behavior.

Changes

Cohort / File(s)	Summary
Redaction logic packages/ripple-keypairs/src/utils/getAlgorithmFromKey.ts	Added conditional redaction so invalid_key errors show Key: [redacted] when type === 'private'; formatting around Prefix: normalized.
Tests packages/ripple-keypairs/test/getAlgorithmFromKey.test.ts	Updated existing private/public key format tests and added a test that asserts private keys are redacted in error messages and public keys remain visible.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• Private key material leaked in error messages #3317 — Implements the same private-key redaction in getAlgorithmFromKey error output to avoid exposing key material.

Suggested reviewers

• pdp2121
• achowdhry-ripple
• ckeshava

Poem

I nibble bytes and guard the gate,
Private seeds I won’t narrate,
“[redacted]” I whisper soft and sly,
Public keys wave openly by,
A hopping hush — your secrets safe. 🐰

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: redacting private key material in error messages.
Description check	✅ Passed	The description covers required sections including high-level overview, context of change, and type of change. However, the 'Test Plan' section is minimal and lacks detail about how to reproduce or verify the fix.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch security-vulnerability-error

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/ripple-keypairs/src/utils/getAlgorithmFromKey.ts`:
- Around line 82-88: The error message in getAlgorithmFromKey.ts builds a
template string that redacts the key via keyRepr but still renders
prefixRepr(prefix), which can leak key-derived bytes for private-key errors;
update the return logic in the function (the block that builds the
`invalid_key:` message) to detect when `type === 'private'` and use a redacted
placeholder for the Prefix (e.g., the same `[redacted]` used for `keyRepr`)
instead of calling `prefixRepr(prefix)` so private-key-derived prefixes are
never included in the Error.message.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1fc5022b-11bf-489a-bb9d-4f568f8bdd33

📥 Commits

Reviewing files that changed from the base of the PR and between 781f03a and 873370f.

📒 Files selected for processing (2)

• packages/ripple-keypairs/src/utils/getAlgorithmFromKey.ts
• packages/ripple-keypairs/test/getAlgorithmFromKey.test.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Redact private-key-derived prefixes too.

Key: is redacted, but Prefix: can still expose the first byte of an invalid unprefixed private key. For private-key errors, avoid rendering key-derived prefix bytes in Error.message.

🛡️ Proposed fix

   const validFormats = getValidFormatsTable(type)
   const keyRepr = type === 'private' ? '[redacted]' : key
+  const prefixReprForMessage =
+    type === 'private' ? '[redacted]' : prefixRepr(prefix)
 
   return `invalid_key:
 
 Type: ${type}
 Key: ${keyRepr}
-Prefix: ${prefixRepr(prefix)}
+Prefix: ${prefixReprForMessage}
 Length: ${len} bytes

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const keyRepr = type === 'private' ? '[redacted]' : key
	return `invalid_key:
	Type: ${type}
	Key: ${key}
	Prefix: ${prefixRepr(prefix)}
	Key: ${keyRepr}
	Prefix: ${prefixRepr(prefix)}
	const keyRepr = type === 'private' ? '[redacted]' : key
	const prefixReprForMessage =
	type === 'private' ? '[redacted]' : prefixRepr(prefix)
	return `invalid_key:
	Type: ${type}
	Key: ${keyRepr}
	Prefix: ${prefixReprForMessage}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/ripple-keypairs/src/utils/getAlgorithmFromKey.ts` around lines 82 -
88, The error message in getAlgorithmFromKey.ts builds a template string that
redacts the key via keyRepr but still renders prefixRepr(prefix), which can leak
key-derived bytes for private-key errors; update the return logic in the
function (the block that builds the `invalid_key:` message) to detect when `type
=== 'private'` and use a redacted placeholder for the Prefix (e.g., the same
`[redacted]` used for `keyRepr`) instead of calling `prefixRepr(prefix)` so
private-key-derived prefixes are never included in the Error.message.