Expand description
Secret-shaped env key classifier (D-08).
Case-insensitive substring match against a fixed vocabulary. Keys ending
in _URL are non-secret UNLESS they also match another substring hit
(e.g. DATABASE_URL → false, STRIPE_SECRET_URL → true).
Known behavior (documented, not a bug for this phase): plain webhook URL
envs like SLACK_WEBHOOK_URL classify as non-secret because the _URL
carve-out trumps the lack of other substring hits. Extending the
heuristic is out of scope for Phase 127.
Functions§
- is_
secret_ key - Classify an env var key as secret-shaped per D-08.