Conversation

@LEMINHMAN1 commented Nov 16, 2025

Description 📣

Resolves #4882
Improves secret key validation for .env, .json, .yml, and manual entry.
Blocks Unicode and special-character keys and shows warning tooltips.
Ensures secret keys remain compatible with AWS, Docker, Kubernetes, and other platforms.

Only allow ASCII-safe keys:
A–Z a–z 0–9 . _ -

Invalid keys should be rejected or highlighted with a tooltip warning.

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests 🛠️

  • Should prevent users from including JSON or .env files that contain invalid keys in the "Paste Secret Values" modal. (screenshot)
  • When users enter an invalid key in the "Add secret key" modal, a warning should be displayed to let the user correct it. (screenshot)

@maidul98 (Collaborator) commented Nov 16, 2025

Snyk checks have passed. No issues have been found so far.

Scanner                 Critical  High  Medium  Low  Total
Open Source Security    0         0     0       0    0 issues


@greptile-apps bot (Contributor) commented Nov 16, 2025

Greptile Summary

  • Added ASCII-safe key validation (/^[A-Za-z0-9._-]+$/) across .env, .json, .yml imports and manual secret creation
  • Invalid keys are silently filtered during imports without notifying users which secrets were skipped
  • Manual secret creation shows warning tooltips but doesn't prevent submission of invalid keys

Confidence Score: 2/5

  • This PR has critical UX and validation issues that need resolution before merge
  • The implementation silently drops invalid secrets during import without user feedback, and the manual creation form shows warnings but doesn't block invalid submissions. Additionally, the LINE regex is vulnerable to ReDoS attacks and should use the re2 package.
  • Pay close attention to frontend/src/components/utilities/parseSecrets.ts for silent filtering behavior and ReDoS vulnerability, and CreateSecretForm.tsx for missing form validation

Important Files Changed

Filename: frontend/src/components/utilities/parseSecrets.ts
Overview: Added VALID_KEY_REGEX validation to parseDotEnv, parseJson, and parseYaml to silently filter invalid keys

Filename: frontend/src/pages/secret-manager/SecretDashboardPage/components/CreateSecretForm/CreateSecretForm.tsx
Overview: Added warning tooltips for invalid characters using VALID_KEY_REGEX, but doesn't block submission

@greptile-apps bot (Contributor) left a review comment

Additional Comments (3)

  1. frontend/src/components/utilities/parseSecrets.ts, lines 106-187

    logic: parseYaml is missing the same VALID_KEY_REGEX validation that was added to parseDotEnv and parseJson. Users can still import YAML files with invalid secret keys, bypassing the validation.

    Add validation after line 126:

    ```typescript
    const [, key, rawValue] = keyMatch;
    // Skip this entry when the key contains characters outside A-Z a-z 0-9 . _ -
    if (!VALID_KEY_REGEX.test(key)) {
      i += 1;
      continue;
    }
    let value = rawValue.trim();
    ```

  2. frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretDropzone/SecretDropzone.tsx, lines 371-385

    logic: CSV import via finishMappedMatrixImport doesn't validate secret keys against VALID_KEY_REGEX. Users can import CSV files with invalid keys like Unicode characters or special symbols, bypassing the validation implemented in this PR.

  3. frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretDropzone/PasteSecretEnvModal.tsx, lines 44-62

    style: When secrets are silently filtered out due to invalid keys (via parseDotEnv/parseJson), users receive a generic error "No secrets found" without knowing that some keys were rejected. Consider showing how many keys were filtered and which ones were invalid.

2 files reviewed, 5 comments

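As an added example (not code from this PR or from the project under review), the following TypeScript shows the ASCII-safe key rule from the description together with the reviewer's two points above: the parser returns the rejected keys alongside the accepted ones instead of dropping them silently, so the UI can say which keys were skipped, and `isValidSecretKey` is the predicate a form submit gate would call before creating a secret. The names `parseDotEnvReporting`, `describeRejected`, `SAMPLE_ENV`, the simplified `.env` syntax (one `KEY=VALUE` per line, `#` comments, optional matching quotes) and the sample input are assumptions; the project's own `parseDotEnv` and `LINE` regex are not reproduced here.

```typescript
// Added example, not the project's code: ASCII-safe secret key validation that
// reports rejected keys instead of silently filtering them.

// Same allowed set as the PR description: A-Z a-z 0-9 . _ -
// A single character class with one quantifier runs in linear time on any
// input, so this check itself has no ReDoS exposure.
const VALID_KEY_REGEX = /^[A-Za-z0-9._-]+$/;

// Predicate for manual entry: a submit handler should refuse the form
// (not just show a tooltip) when this returns false.
function isValidSecretKey(key: string): boolean {
  return VALID_KEY_REGEX.test(key);
}

interface ParseResult {
  secrets: Record<string, string>;
  rejected: string[]; // keys that failed validation, in file order
}

// Hypothetical minimal .env parser: KEY=VALUE per line, '#' comments,
// optional matching quotes around the value. Invalid keys are collected,
// not dropped, so the caller can tell the user what was skipped.
function parseDotEnvReporting(content: string): ParseResult {
  const secrets: Record<string, string> = {};
  const rejected: string[] = [];

  for (const rawLine of content.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === "" || line.startsWith("#")) continue;

    // Split on the first '=' only, so '=' inside the value survives.
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();

    const quoted =
      (value.startsWith('"') && value.endsWith('"')) ||
      (value.startsWith("'") && value.endsWith("'"));
    if (quoted && value.length >= 2) value = value.slice(1, -1);

    if (!isValidSecretKey(key)) {
      rejected.push(key);
      continue;
    }
    secrets[key] = value;
  }
  return { secrets, rejected };
}

// Message the import modal can show instead of a bare "No secrets found".
// Returns null when nothing was rejected.
function describeRejected(result: ParseResult): string | null {
  if (result.rejected.length === 0) return null;
  return (
    `${result.rejected.length} key(s) skipped ` +
    `(allowed: A-Z a-z 0-9 . _ -): ${result.rejected.join(", ")}`
  );
}

// Constructed sample input: three valid keys, one key with a space,
// one with a non-ASCII letter, one with '$', and a quoted value containing '='.
const SAMPLE_ENV = [
  "# database",
  "DB_HOST=localhost",
  "db.port=5432",
  "MY KEY=oops",
  "CLÉ_API=secret",
  "PRICE$=1",
  'JWT-SECRET="abc=def"',
].join("\n");

const sampleResult = parseDotEnvReporting(SAMPLE_ENV);
console.log(sampleResult.secrets);
console.log(describeRejected(sampleResult));
```

Running the block prints the three accepted secrets and a message naming the three skipped keys, which is the feedback the review asks for in place of the generic error.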

@LEMINHMAN1 (Author) commented

Hey team 👋,
I’ve opened a small UI improvement PR related to secret key validation.
It blocks invalid/Unicode/special-character keys across .env, .json, .yml imports and shows proper warning tooltips.

Would appreciate a quick review 🙏

@maidul98 @dangtony98

@greptile-apps bot (Contributor) left a review comment

Additional Comments (1)

  1. frontend/src/pages/secret-manager/SecretDashboardPage/components/CreateSecretForm/CreateSecretForm.tsx, lines 89-110

    logic: Form allows submitting invalid secret keys despite showing warnings. The validation should block submission if !VALID_KEY_REGEX.test(key) to prevent creating incompatible secrets. Add validation to the zod schema or prevent form submission when invalid.

3 files reviewed, 5 comments


Development

Successfully merging this pull request may close these issues.

Improvement - Prevent Unicode and special-character keys in secret imports and modals