
Remove sensitive secrets and keys from logs and CI output #1

@iamitprakash

Description


Summary

Several scripts log secrets and sensitive credential material to the console. If run in CI or artifacts are uploaded, logs may disclose private keys, service account credentials, or other secure values.

Affected files:

  • scripts/convert-key.ts: prints entire JWT key (public/private)
  • scripts/test-firestore.ts: logs service account details
  • Any other scripts reading env and logging values

Recommendations

  • Remove all console.log statements outputting actual secret or credential content.
  • Replace with logging only length, SHA256/MD5 hash, or masked versions for debug.
  • If you must debug key handling, log to a local file that is .gitignored and not uploaded, never in CI.
  • Audit scripts before PR approval for secret outputs.

Severity: High (Do not run these scripts in CI/CD environments until this is resolved)

Example safer log pattern:

```ts
console.log(`Loaded JWT key (length: ${publicKey.length})`);
```
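A fuller version of the recommendations above (length plus hash, masked values, redaction of PEM blocks and service-account fields), written as an added example for this issue rather than code from the repository. The key string and service-account object are constructed fakes; the field names `private_key`, `client_secret` and `refresh_token` follow the GCP service-account JSON format.

```typescript
import { createHash } from "node:crypto";

// Constructed fake key used only to exercise the helpers below; not a real credential.
const CONSTRUCTED_KEY =
  "-----BEGIN PRIVATE KEY-----\nNOT-A-REAL-KEY-AAAA\n-----END PRIVATE KEY-----";

// Short, non-reversible identifier for a secret: length plus a SHA-256 prefix.
function fingerprint(value: string): string {
  const digest = createHash("sha256").update(value, "utf8").digest("hex");
  return `len=${value.length} sha256=${digest.slice(0, 12)}`;
}

// Replacement for `console.log(privateKey)`: the key bytes never reach the log.
function describeKey(label: string, key: string): string {
  return `Loaded ${label} (${fingerprint(key)})`;
}

// Any PEM block inside a message is swapped for its fingerprint, so a template
// string that accidentally interpolates a key cannot leak it into CI output.
const PEM_BLOCK = /-----BEGIN [A-Z ]+-----[\s\S]*?-----END [A-Z ]+-----/g;

function redactPem(message: string): string {
  return message.replace(PEM_BLOCK, (block) => `[REDACTED PEM ${fingerprint(block)}]`);
}

// Service-account JSON (GCP key-file shape) keeps its identifying fields;
// the secret-bearing fields are replaced by fingerprints.
const SECRET_FIELDS = ["private_key", "client_secret", "refresh_token"];

function redactServiceAccount(sa: Record<string, unknown>): Record<string, unknown> {
  const out: Record<string, unknown> = { ...sa };
  for (const field of SECRET_FIELDS) {
    const v = out[field];
    if (typeof v === "string" && v.length > 0) out[field] = `[REDACTED ${fingerprint(v)}]`;
  }
  return out;
}

// Drop-in for console.log in scripts: redacts, writes, and returns the line written.
function safeLog(...parts: unknown[]): string {
  const line = parts.map((p) => (typeof p === "string" ? p : JSON.stringify(p))).join(" ");
  const redacted = redactPem(line);
  console.log(redacted);
  return redacted;
}

safeLog("service account:", redactServiceAccount({ project_id: "demo-project", private_key: CONSTRUCTED_KEY }));
safeLog("raw key interpolated by mistake:", CONSTRUCTED_KEY);
```

The second `safeLog` call shows the failure mode the issue describes: even when a script passes the raw key by mistake, only the fingerprint reaches stdout.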
