During onboarding, openshell provider create is called with the API key interpolated directly into the shell command:
openshell provider create --name nvidia-nim --type openai \
--credential "NVIDIA_API_KEY=${process.env.NVIDIA_API_KEY}" ...
While this command is running, any user on the machine can see the full API key via ps aux. On shared systems (e.g., DGX Spark), this is a real credential exposure risk.
Expected: Pass the credential via stdin, environment variable, or a temporary file with restricted permissions — not as a command-line argument.
Related PRs that partially address this:
During onboarding,
openshell provider createis called with the API key interpolated directly into the shell command:While this command is running, any user on the machine can see the full API key via
ps aux. On shared systems (e.g., DGX Spark), this is a real credential exposure risk.Expected: Pass the credential via stdin, environment variable, or a temporary file with restricted permissions — not as a command-line argument.
Related PRs that partially address this: