personal memory agent
suppress password-manager capture on all API-key fields
1Password, Bitwarden, LastPass, and Safari Keychain were treating AI
provider API-key fields as site password fields and auto-saving them as
the saved credential — on next visit they offered the API key as the
user's site password, silently corrupting the password entry.
Fix: convert all six affected inputs from type="password" to type="text"
and add data-1p-ignore + data-lpignore="true" + data-bwignore="true" +
autocomplete="off". 1Password ignores autocomplete="off" alone, and
Bitwarden/LastPass scan id/name/placeholder/label-text heuristically, so
all three vendor ignore attributes are required.
convey/templates/init.html:
- #gemini-key: type=text + the four suppression attrs, drop the
hide/show toggle entirely (button + toggleGeminiKey() function)
- flatten the .input-wrap wrapper around gemini-key (served only to
align the deleted button; .input-wrap CSS stays — password field
at line 106 still uses it)
apps/settings/workspace.html:
- five API-key inputs (field-env-{google,openai,anthropic,revai,plaud}):
type=text + the four suppression attrs
- swap each .password-toggle initial icon 👁 → 👀
(eye-with-line) and title="Show …" → "Hide …" to match the new
visible-by-default starting state
- #field-password (Security section) left untouched — still type=password
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
+17
-26
+15
-15
apps/settings/workspace.html
+15
-15
apps/settings/workspace.html
···
2248
2248
<div id="googleApiKeyField" class="settings-field">
2249
2249
<label for="field-env-google">Google AI (Gemini)</label>
2250
2250
<div class="password-wrap">
2251
-
<input type="password" id="field-env-google" data-section="env" data-key="GOOGLE_API_KEY" placeholder="Enter API key">
2252
-
<button type="button" class="password-toggle" data-toggle="field-env-google" title="Show key">
2253
-
<span>👁</span>
2251
+
<input type="text" id="field-env-google" data-section="env" data-key="GOOGLE_API_KEY" placeholder="Enter API key" autocomplete="off" data-1p-ignore data-lpignore="true" data-bwignore="true">
2252
+
<button type="button" class="password-toggle" data-toggle="field-env-google" title="Hide key">
2253
+
<span>👀</span>
2254
2254
</button>
2255
2255
</div>
2256
2256
<small>Primary provider for transcription and insights. <a href="https://aistudio.google.com/apikey" target="_blank">Get key</a></small>
···
2259
2259
<div class="settings-field">
2260
2260
<label for="field-env-openai">OpenAI</label>
2261
2261
<div class="password-wrap">
2262
-
<input type="password" id="field-env-openai" data-section="env" data-key="OPENAI_API_KEY" placeholder="Enter API key">
2263
-
<button type="button" class="password-toggle" data-toggle="field-env-openai" title="Show key">
2264
-
<span>👁</span>
2262
+
<input type="text" id="field-env-openai" data-section="env" data-key="OPENAI_API_KEY" placeholder="Enter API key" autocomplete="off" data-1p-ignore data-lpignore="true" data-bwignore="true">
2263
+
<button type="button" class="password-toggle" data-toggle="field-env-openai" title="Hide key">
2264
+
<span>👀</span>
2265
2265
</button>
2266
2266
</div>
2267
2267
<small>Alternative provider for chat and agents. <a href="https://platform.openai.com/api-keys" target="_blank">Get key</a></small>
···
2270
2270
<div class="settings-field">
2271
2271
<label for="field-env-anthropic">Anthropic</label>
2272
2272
<div class="password-wrap">
2273
-
<input type="password" id="field-env-anthropic" data-section="env" data-key="ANTHROPIC_API_KEY" placeholder="Enter API key">
2274
-
<button type="button" class="password-toggle" data-toggle="field-env-anthropic" title="Show key">
2275
-
<span>👁</span>
2273
+
<input type="text" id="field-env-anthropic" data-section="env" data-key="ANTHROPIC_API_KEY" placeholder="Enter API key" autocomplete="off" data-1p-ignore data-lpignore="true" data-bwignore="true">
2274
+
<button type="button" class="password-toggle" data-toggle="field-env-anthropic" title="Hide key">
2275
+
<span>👀</span>
2276
2276
</button>
2277
2277
</div>
2278
2278
<small>Alternative provider for chat and agents. <a href="https://console.anthropic.com/settings/keys" target="_blank">Get key</a></small>
···
2281
2281
<div class="settings-field">
2282
2282
<label for="field-env-revai">Rev.ai</label>
2283
2283
<div class="password-wrap">
2284
-
<input type="password" id="field-env-revai" data-section="env" data-key="REVAI_ACCESS_TOKEN" placeholder="Enter access token">
2285
-
<button type="button" class="password-toggle" data-toggle="field-env-revai" title="Show token">
2286
-
<span>👁</span>
2284
+
<input type="text" id="field-env-revai" data-section="env" data-key="REVAI_ACCESS_TOKEN" placeholder="Enter access token" autocomplete="off" data-1p-ignore data-lpignore="true" data-bwignore="true">
2285
+
<button type="button" class="password-toggle" data-toggle="field-env-revai" title="Hide token">
2286
+
<span>👀</span>
2287
2287
</button>
2288
2288
</div>
2289
2289
<small>Audio transcription for imported files. <a href="https://www.rev.ai/access_token" target="_blank">Get token</a></small>
···
2291
2291
<div class="settings-field">
2292
2292
<label for="field-env-plaud">Plaud</label>
2293
2293
<div class="password-wrap">
2294
-
<input type="password" id="field-env-plaud" data-section="env" data-key="PLAUD_ACCESS_TOKEN" placeholder="Enter access token">
2295
-
<button type="button" class="password-toggle" data-toggle="field-env-plaud" title="Show token">
2296
-
<span>👁</span>
2294
+
<input type="text" id="field-env-plaud" data-section="env" data-key="PLAUD_ACCESS_TOKEN" placeholder="Enter access token" autocomplete="off" data-1p-ignore data-lpignore="true" data-bwignore="true">
2295
+
<button type="button" class="password-toggle" data-toggle="field-env-plaud" title="Hide token">
2296
+
<span>👀</span>
2297
2297
</button>
2298
2298
</div>
2299
2299
<small>Import audio from Plaud recorder. Log into the web portal and extract token from browser console.</small>
+2
-11
convey/templates/init.html
+2
-11
convey/templates/init.html
···
131
131
<p class="trust-note">your key is stored locally in your journal config</p>
132
132
<div class="field-group">
133
133
<label for="gemini-key">Gemini API key</label>
134
-
<div class="input-wrap">
135
-
<input type="password" id="gemini-key" disabled>
136
-
<button type="button" class="toggle-btn" id="toggle-gemini" onclick="toggleGeminiKey()">show</button>
137
-
</div>
134
+
<input type="text" id="gemini-key" autocomplete="off"
135
+
data-1p-ignore data-lpignore="true" data-bwignore="true" disabled>
138
136
<small class="field-status" aria-live="polite"> </small>
139
137
</div>
140
138
<p class="section-hint" style="margin-top: 1rem;">get a private key from sol pbc by <a href="https://scouts.solstone.app" target="_blank" rel="noopener noreferrer">becoming a scout</a> and providing feedback on your experience</p>
···
185
183
function togglePassword() {
186
184
const input = document.getElementById('password');
187
185
const btn = document.getElementById('toggle-password');
188
-
if (input.type === 'password') { input.type = 'text'; btn.textContent = 'hide'; }
189
-
else { input.type = 'password'; btn.textContent = 'show'; }
190
-
}
191
-
192
-
function toggleGeminiKey() {
193
-
const input = document.getElementById('gemini-key');
194
-
const btn = document.getElementById('toggle-gemini');
195
186
if (input.type === 'password') { input.type = 'text'; btn.textContent = 'hide'; }
196
187
else { input.type = 'password'; btn.textContent = 'show'; }
197
188
}