My git-secrets does not appear to detect anything and I am not finding why. Here are the steps I've taken to set it up.

    brew install git-secrets
    git secrets --register-aws --global
    git config --global init.templateDir ~/.git-templates/git-secrets
    git config --global alias.clone-secrets '!git clone "$1" && cd "$(basename "$1" .git)" && git secrets --install && git secrets --register-aws'
    git secrets --install ~/.git-templates/git-secrets

Then I perform the following test:

    mkdir test-secrets && cd test-secrets
    git init
    echo "AWS_ACCESS_KEY_ID=AKIA1234567890EXAMPLE" > data.txt
    git add data.txt
    git commit -m "Test commit with secret"

Here is the output of the test:

    $ mkdir test-secrets && cd test-secrets
    git init
    echo "AWS_ACCESS_KEY_ID=AKIA1234567890EXAMPLE" > data.txt
    git add data.txt
    git commit -m "Test commit with secret"
    Initialized empty Git repository in /Users/XXXXX/Documents/Projects/test-secrets/.git/
    [master (root-commit) bb9cba6] Test commit with secret
    Committer: XXXXXX <[email protected]>
    1 file changed, 1 insertion(+)
    create mode 100644 data.txt

The commit goes through just fine and no warning is raised. If I enter the directory and run git secrets --list, the following is returned:

    secrets.providers git secrets --aws-provider
    secrets.patterns (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
    secrets.patterns ("|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?
    secrets.patterns ("|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?("|')?\s*(:|=>|=)\s*("|')?[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}("|')?
    secrets.allowed AKIAIOSFODNN7EXAMPLE
    secrets.allowed wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

I have also verified the existence of the .git/hooks/pre-commit in the same directory.

    #!/usr/bin/env bash
    git secrets --pre_commit_hook -- "$@"

If I target the data.txt in my test manually with git secrets --scan data.txt, there is no output either, indicating it does not find any secret within the file.

Much appreciated for your assistance on this matter. My guess is there's something wrong with my installed secrets and it does not properly match my tests.

Update: It appears my secrets was incorrect with the {16} suffix and my test key was 17 in length. I am wondering if the added secrets can be improved or replaced to make it more robust?
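
Why the 21-character test key slips past the `{16}` pattern, as an added example that is not part of the original post and is not git-secrets' own code. It assumes git-secrets scans with grep's whole-word option (`-w`) and then filters hits through `secrets.allowed`; `scan_line` and `BROAD_PATTERN` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added illustration, not git-secrets code: a scan is emulated as
# "grep -wE <pattern>" followed by "grep -Ev <allowed>".
# Assumption: git-secrets greps with -w, so a match must be a whole word.

# Pattern and allowed value copied from the `git secrets --list` output above.
KEY_ID_PATTERN='(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
ALLOWED='AKIAIOSFODNN7EXAMPLE'
# Hypothetical broader pattern: {16,} also flags over-long look-alike keys.
BROAD_PATTERN='(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16,}'

# scan_line PATTERN LINE -> prints "flagged", "allowed" or "clean"
scan_line() {
  local pattern="$1" line="$2" hits
  # -w: the matched text must not touch another word character on either side.
  hits=$(printf '%s\n' "$line" | LC_ALL=C grep -wE -- "$pattern") || { echo clean; return; }
  # A hit is reported only if it survives the negative grep on the allowed list.
  if printf '%s\n' "$hits" | LC_ALL=C grep -Ev -- "$ALLOWED" >/dev/null; then
    echo flagged
  else
    echo allowed
  fi
}

# Sample lines: the first is the test from the post, the others are constructed.
PAGE_TEST='AWS_ACCESS_KEY_ID=AKIA1234567890EXAMPLE'  # prefix + 17 chars (21 total)
TWENTY='AWS_ACCESS_KEY_ID=AKIA1234567890ABCDEF'       # prefix + 16 chars (20 total)
DOCS_KEY='AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE'     # listed under secrets.allowed

for line in "$PAGE_TEST" "$TWENTY" "$DOCS_KEY"; do
  printf '%-8s %s\n' "$(scan_line "$KEY_ID_PATTERN" "$line")" "$line"
done
printf '%-8s %s (broad pattern)\n' "$(scan_line "$BROAD_PATTERN" "$PAGE_TEST")" "$PAGE_TEST"
```

With the registered pattern, the first 20 characters of the 21-character key do match the regex, but the trailing `E` is a word character, so the whole-word check rejects the hit. The documentation key is matched and then suppressed by `secrets.allowed`, which is why it is also a poor choice for testing a hook.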