Summary
The Postgres and object-store token backends still mirror authentication data into local plaintext spool directories, so selecting a remote backend does not stop secrets from being written to disk.
Evidence
internal/store/objectstore.go:43 documents that files are mirrored to a local workspace.internal/store/objectstore.go:88 and internal/store/objectstore.go:89 create config/ and auths/ under the local spool root.internal/store/postgresstore.go:37 documents local mirroring for the Postgres backend.internal/store/postgresstore.go:74 and internal/store/postgresstore.go:75 create local config/ and auths/ directories.cmd/server/main.go:492 assigns cfg.AuthDir = pgStoreInst.AuthDir() for the Postgres path.cmd/server/main.go:559 assigns cfg.AuthDir = objectStoreInst.AuthDir() for the object-store path.
Why this matters
Operators can reasonably believe that remote-backed storage removes or reduces local secret persistence. In practice, refresh tokens and equivalent auth material are still duplicated onto disk in workspace-relative directories.
Attack or failure scenario
A deployment enables Postgres or object storage expecting central secret management. A host compromise, accidental backup, container volume mount, or support bundle then exposes the mirrored local auths/ directory containing long-lived credentials.
Root cause
The remote storage implementations preserve file-based compatibility by silently routing auth persistence back into local spool directories.
Recommended fix
Make local mirroring opt-in rather than implicit, or encrypt and tightly constrain any unavoidable local cache. At minimum, document the behavior explicitly and provide a mode that avoids local plaintext auth copies.
Acceptance criteria
- Remote-backed modes can run without silently creating plaintext local auth mirrors.
- If a local cache is required, it is explicit, documented, and protected.
- Tests cover the selected persistence behavior.
LLM / code-bot handling
Do not attempt an autonomous fix unless a human has reviewed the affected code and approved the remediation plan. If the agent is unsure about correctness, scope, or trust-boundary impact, stop and escalate to a human reviewer.
Suggested labels
Priority
P2
Severity
high
Confidence
confirmed
Summary
The Postgres and object-store token backends still mirror authentication data into local plaintext spool directories, so selecting a remote backend does not stop secrets from being written to disk.
Evidence
internal/store/objectstore.go:43documents that files are mirrored to a local workspace.internal/store/objectstore.go:88andinternal/store/objectstore.go:89createconfig/andauths/under the local spool root.internal/store/postgresstore.go:37documents local mirroring for the Postgres backend.internal/store/postgresstore.go:74andinternal/store/postgresstore.go:75create localconfig/andauths/directories.cmd/server/main.go:492assignscfg.AuthDir = pgStoreInst.AuthDir()for the Postgres path.cmd/server/main.go:559assignscfg.AuthDir = objectStoreInst.AuthDir()for the object-store path.Why this matters
Operators can reasonably believe that remote-backed storage removes or reduces local secret persistence. In practice, refresh tokens and equivalent auth material are still duplicated onto disk in workspace-relative directories.
Attack or failure scenario
A deployment enables Postgres or object storage expecting central secret management. A host compromise, accidental backup, container volume mount, or support bundle then exposes the mirrored local
auths/directory containing long-lived credentials.Root cause
The remote storage implementations preserve file-based compatibility by silently routing auth persistence back into local spool directories.
Recommended fix
Make local mirroring opt-in rather than implicit, or encrypt and tightly constrain any unavoidable local cache. At minimum, document the behavior explicitly and provide a mode that avoids local plaintext auth copies.
Acceptance criteria
LLM / code-bot handling
Do not attempt an autonomous fix unless a human has reviewed the affected code and approved the remediation plan. If the agent is unsure about correctness, scope, or trust-boundary impact, stop and escalate to a human reviewer.
Suggested labels
Priority
P2
Severity
high
Confidence
confirmed