Vertex AI authenticates via OAuth2 (service-account JSON path / ADC), not PROVIDER_REGISTRY, and VERTEX_CREDENTIALS_PATH is declared with password=False (it's a path, not a bare key) under category="provider" — a category the registry-derived blocklist loop never checks. Both it and GOOGLE_APPLICATION_CREDENTIALS (the ADC fallback the adapter also reads) fell through every existing blocklist source and leaked the on-disk location of a GCP service-account key into every spawned subprocess (terminal, codex/copilot app-server, browser workers) — the same leak class already closed for every other provider's credentials in #53503. |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| base.py | ||
| daytona.py | ||
| docker.py | ||
| file_sync.py | ||
| local.py | ||
| managed_modal.py | ||
| modal.py | ||
| modal_utils.py | ||
| singularity.py | ||
| ssh.py | ||