[SECURITY] Secret detection to prevent credential leaks

[jwesleye]

Feature Description

Detect and warn when API keys or secrets appear in output.

Problem/Motivation

Easy to accidentally expose secrets in conversations or exports.

Proposed Solution

• Scan output for patterns (API keys, passwords, tokens)
• Warn before displaying: "⚠️ Possible API key detected"
• Option to auto-scrub from exports
• Configurable patterns

Detect:

• API keys (various formats)
• AWS credentials
• Private keys
• Passwords
• Tokens

Benefits

• Prevent credential leaks
• Security best practices
• Peace of mind
• Compliance help

Priority

• Critical
• High
• Medium
• Low

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity.
It will be closed in 14 days if no further activity occurs.

If this issue is still relevant, please:

• Comment to keep it open
• Remove the "status: stale" label
• Provide additional information or updates

Thank you for your contributions!

[jwesleye]

Closing as out of scope for this AWS Strands CLI tool.

This is an enterprise/compliance feature that adds significant complexity for a use case that doesn't align with a simple CLI tool.

For users with security/compliance requirements:

• Implement security controls at the infrastructure level
• Use enterprise agent platforms with built-in audit features
• Review saved conversation files manually (stored in ~/.agent-conversations/)

This CLI tool is focused on providing a straightforward interface for AWS Strands agents, not enterprise security features.

Thank you for the suggestion!