Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 277 Pull Requests 89 Actions 1 Packages Projects Releases Wiki Activity

fix(docker): add explicit env allowlist for container credentials (#1436)

Browse Source 
Docker terminal sessions are secret-dark by default. This adds
terminal.docker_forward_env as an explicit allowlist for env vars
that may be forwarded into Docker containers.

Values resolve from the current shell first, then fall back to
~/.hermes/.env. Only variables the user explicitly lists are
forwarded — nothing is auto-exposed.

Cherry-picked from PR #1449 by @teknium1, conflict-resolved onto
current main.

Fixes #1436
Supersedes #1439
This commit is contained in:
Teknium
2026-03-17 02:34:25 -07:00
committed by teknium1
parent d50e0711c2
commit 556e0f4b43
12 changed files with 170 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
website/docs/user-guide/features/tools.md
View File

@@ -135,6 +135,8 @@ All container backends run with security hardening:
- Full namespace isolation
- Persistent workspace via volumes, not writable root layer
Docker can optionally receive an explicit env allowlist via `terminal.docker_forward_env`, but forwarded variables are visible to commands inside the container and should be treated as exposed to that session.
## Background Process Management
Start background processes and manage them: