Open dudicoco opened 3 years ago
Same here happening with release.
0.14.3 detects some of them by keyword plugin

    {
        "hashed_secret": "dc9b6de4a6f71ef9c1131393b1bb64e050292d72",
        "is_verified": false,
        "line_number": 2,
        "type": "Secret Keyword"
    },
    {
        "hashed_secret": "feb4b6644b66d1e591bb96fb42bc4e06ce2fa65a",
        "is_verified": false,
        "line_number": 3,
        "type": "Secret Keyword"
    },
    {
        "hashed_secret": "9ed75184449b25a4a079f884b8aacbd47516e4a3",
        "is_verified": false,
        "line_number": 4,
        "type": "Secret Keyword"
    },
    {
        "hashed_secret": "64a20535ff4cf3a34c0b4ab9fdc09b77db62ed89",
        "is_verified": false,
        "line_number": 6,
        "type": "Secret Keyword"
    }

seems that 1.x got weaker by default for api-keys & passwords case
We're hitting the same problem.
This secret is not detected:

    env:
      APIKEY: 550e7956f012f471d91a126c635add67

This secret is detected:

    env:
      APIKEY: "550e7956f012f471d91a126c635add67"

If I scan the string directly, the HexHighEntropyString plugin detects it:

    $ detect-secrets scan --string 550e7956f012f471d91a126c635add67
    AWSKeyDetector         : False
    ArtifactoryDetector    : False
    AzureStorageKeyDetector: False
    Base64HighEntropyString: False (3.64)
    BasicAuthDetector      : False
    CloudantDetector       : False
    DiscordBotTokenDetector: False
    GitHubTokenDetector    : False
    HexHighEntropyString   : True  (3.64)
    IbmCloudIamDetector    : False
    IbmCosHmacDetector     : False
    JwtTokenDetector       : False
    KeywordDetector        : False
    MailchimpDetector      : False
    NpmDetector            : False
    PrivateKeyDetector     : False
    SendGridDetector       : False
    SlackDetector          : False
    SoftlayerDetector      : False
    SquareOAuthDetector    : False
    StripeDetector         : False
    TwilioKeyDetector      : False

Any idea why the secret is not detected in the file when not quoted?
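
As an added illustration (not part of the thread and not detect-secrets' own code), the sketch below reproduces the 3.64 entropy score from the `--string` output above and shows how a candidate pattern that only accepts quoted strings, one behaviour consistent with the report, skips the unquoted YAML value. The quoted-only pattern, the 3.0 threshold and the names `QUOTED_HEX`, `YAML_SCALAR_HEX` and `scan_line` are assumptions made for this example.

```python
import math
import re

HEX_CHARS = "0123456789abcdefABCDEF"
HEX_LIMIT = 3.0  # assumed entropy threshold for this sketch

# Assumption: candidates are taken only from quoted runs of hex characters.
QUOTED_HEX = re.compile(r"(['\"])([" + HEX_CHARS + r"]+)\1")
# Hypothetical looser pattern: a "KEY: value" YAML scalar, quotes optional.
YAML_SCALAR_HEX = re.compile(r":\s*(['\"]?)([" + HEX_CHARS + r"]+)\1\s*$")


def shannon_entropy(value, charset=HEX_CHARS):
    """Shannon entropy in bits per character, counting only charset members."""
    if not value:
        return 0.0
    entropy = 0.0
    for ch in set(value) & set(charset):
        p = value.count(ch) / len(value)
        entropy -= p * math.log2(p)
    return entropy


def scan_line(line, pattern):
    """Return (candidate, entropy) pairs on this line that exceed HEX_LIMIT."""
    hits = []
    for match in pattern.finditer(line):
        candidate = match.group(2)
        score = shannon_entropy(candidate)
        if score > HEX_LIMIT:
            hits.append((candidate, round(score, 2)))
    return hits


# Constructed sample: the two YAML lines quoted in the comment above.
UNQUOTED = "  APIKEY: 550e7956f012f471d91a126c635add67"
QUOTED = '  APIKEY: "550e7956f012f471d91a126c635add67"'

if __name__ == "__main__":
    for label, line in (("unquoted", UNQUOTED), ("quoted", QUOTED)):
        print(label, "quoted-only:", scan_line(line, QUOTED_HEX))
        print(label, "yaml-scalar:", scan_line(line, YAML_SCALAR_HEX))
```

A repository check built on the looser pattern will flag more lines, so it is best paired with an allowlist or baseline review.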

I'm running detect-secrets on the following file (these are fake values):

When running with the KeywordDetector plugin disabled, only the SLACK_API_KEY value is detected, and not even by the slack plugin:

What should be configured in order for these secrets to be detected? Why are the slack secrets not detected by the slack plugin?

Thanks