Revert unintended credentials exposure (#18840)

2026-03-10 14:10:37 -07:00 · 2026-02-11 15:06:28 -05:00
parent 02adfe2bca
commit e9a9474810
6 changed files with 8 additions and 132 deletions
--- a/docs/tools/mcp-server.md
+++ b/docs/tools/mcp-server.md
@@ -739,21 +739,10 @@ The MCP integration tracks several states:
  cautiously and only for servers you completely control
 - **Access tokens:** Be security-aware when configuring environment variables
  containing API keys or tokens
- **Environment variable redaction:** By default, the Gemini CLI redacts
-  sensitive environment variables (such as `GEMINI_API_KEY`, `GOOGLE_API_KEY`,
-  and variables matching patterns like `*TOKEN*`, `*SECRET*`, `*PASSWORD*`) when
-  spawning MCP servers using the `stdio` transport. This prevents unintended
-  exposure of your credentials to third-party servers.
- **Explicit environment variables:** If you need to pass a specific environment
-  variable to an MCP server, you should define it explicitly in the `env`
-  property of the server configuration in `settings.json`.
 - **Sandbox compatibility:** When using sandboxing, ensure MCP servers are
-  available within the sandbox environment.
+  available within the sandbox environment
 - **Private data:** Using broadly scoped personal access tokens can lead to
  information leakage between repositories.
- **Untrusted servers:** Be extremely cautious when adding MCP servers from
-  untrusted or third-party sources. Malicious servers could attempt to
-  exfiltrate data or perform unauthorized actions through the tools they expose.

 ### Performance and resource management