Improve secure key env var match default case

[neuronull]

🎟️ Tracking

📔 Objective

Improves the logging of the default case for the secure key env var check.

I noticed this while observing tracing output from ssh agent. It reads:

2026-04-07T21:00:21.928081Z  INFO desktop_core::secure_memory::secure_key:  is not a valid secure key container backend, using automatic selection

, notably, the default match case is currently doing two things that could be improved: if the env var is not set, the log statement doesn't reflect that because it's an empty string. It doesn't delineate between the Ok(string) case and the Err case. Even though both result in a None return, it's more clear to read the logs what is going on.

Sine the existing code had info for both cases, I'm assuming the env var is not required/expected (hence using info for the Err case, instead of something like error or warn).

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Checkmarx One – Scan Summary & Details – 2d921176-dea4-4ab1-aff7-d0ff504340e4

---

New Issues (23)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CVE-2025-13631	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform Privilege Escala... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2		CVE-2025-13633	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Use After Free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3		CVE-2025-13638	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Use After Free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a craft... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4		CVE-2025-13639	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a craf... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
5		CVE-2025-13720	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploi... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
6		CVE-2025-13721	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
7		CVE-2026-0628	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malic... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
8		CVE-2026-1861	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Heap Buffer Overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a craf... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
9		CVE-2026-34770	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.x prior to 39.... Attack Vector: LOCAL Attack Complexity: HIGH Vulnerable Package
10		CVE-2026-34771	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.x prior to 39.... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
11		CVE-2026-34774	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.x prior to 40.... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
12		CVE-2026-34780	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 prior to 39.8.... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
13		SSRF	/libs/common/src/services/api.service.ts: 1327	details The application sends a request to a remote server, for some resource, using createRequest in /libs/common/src/services/api.service.ts:1270. How... Attack Vector
14		SSRF	/libs/common/src/services/api.service.ts: 1335	details The application sends a request to a remote server, for some resource, using createRequest in /libs/common/src/services/api.service.ts:1270. How... Attack Vector
15		SSRF	/libs/common/src/services/api.service.ts: 1328	details The application sends a request to a remote server, for some resource, using createRequest in /libs/common/src/services/api.service.ts:1270. How... Attack Vector
16		SSRF	/libs/common/src/services/api.service.ts: 1327	details The application sends a request to a remote server, for some resource, using createRequest in /libs/common/src/services/api.service.ts:1241. How... Attack Vector
17		SSRF	/libs/common/src/services/api.service.ts: 1335	details The application sends a request to a remote server, for some resource, using createRequest in /libs/common/src/services/api.service.ts:1241. How... Attack Vector
18		SSRF	/libs/common/src/services/api.service.ts: 1328	details The application sends a request to a remote server, for some resource, using createRequest in /libs/common/src/services/api.service.ts:1241. How... Attack Vector
19		CVE-2025-13632	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious ex... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
20		CVE-2025-13635	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTM... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
21		CVE-2025-13636	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in spec... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
22		CVE-2025-13637	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in speci... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
23		CVE-2025-13640	Npm-electron-39.2.6	details Recommended version: 41.2.0 Description: Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical ac... Attack Vector: PHYSICAL Attack Complexity: LOW Vulnerable Package

---

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	SSRF	/libs/common/src/services/api.service.ts: 1343

[codecov]

Codecov Report

❌ Patch coverage is 40.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 46.82%. Comparing base (afdce14) to head (21cbaaf).
⚠️ Report is 44 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...op_native/core/src/secure_memory/secure_key/mod.rs	40.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #20097      +/-   ##
==========================================
+ Coverage   46.67%   46.82%   +0.14%     
==========================================
  Files        3880     3882       +2     
  Lines      116114   116386     +272     
  Branches    17671    17738      +67     
==========================================
+ Hits        54200    54498     +298     
+ Misses      59447    59409      -38     
- Partials     2467     2479      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Thomas-Avery]

💭 The hot path here is users not setting SECURE_KEY_CONTAINER_BACKEND and us using automatic selection.

I would suggest matching on std::env::VarError::NotPresent and just having a debug! or no log for that. Then having the other error options being what you have here.

Feels like unhelpful noise to have something like:

INFO error=environment variable not found env_var=SECURE_KEY_CONTAINER_BACKEND failed to read environment variable, using automatic selection