From 7e53b90f1f9bddc3a8b728fc1efb76e0d7dfe07e Mon Sep 17 00:00:00 2001
From: VenkateshPabbati
Date: Sat, 21 Feb 2026 11:34:54 +0530
Subject: [PATCH] Potential fix for code scanning alert no. 1: Clear-text storage of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/google/adk/cli/cli_create.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/google/adk/cli/cli_create.py b/src/google/adk/cli/cli_create.py
index a1be9a0273..cd7b45ff68 100644
--- a/src/google/adk/cli/cli_create.py
+++ b/src/google/adk/cli/cli_create.py
@@ -192,7 +192,8 @@ def _generate_files(
 elif google_cloud_project and google_cloud_region:
 lines.append("GOOGLE_GENAI_USE_VERTEXAI=1")
 if google_api_key:
- lines.append(f"GOOGLE_API_KEY={google_api_key}")
+ # Do not store the Google API key in clear text; instruct the user instead.
+ lines.append("# Set GOOGLE_API_KEY in your environment before running.")
 if google_cloud_project:
 lines.append(f"GOOGLE_CLOUD_PROJECT={google_cloud_project}")
 if google_cloud_region:
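Review bot: The rewritten branch under `if google_api_key:` silently discards a key the caller supplied. The generated file now carries only a comment, so a project scaffolded with a key will presumably fail to authenticate until the user notices the value was never saved. If keeping the key off disk is the intent, say so at creation time with a CLI message rather than only a comment inside the generated file, and consider not accepting the key at all. If persisting it is still wanted, the usual answer to the scanner's finding is to create the env file with owner-only permissions, for example `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)`, and keep it out of version control. The file write and the rest of `_generate_files` lie outside this hunk, so how the file is created and whether the user is prompted for the key cannot be confirmed from here.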