This is a bit of a philosophical issue, and I'd like to hear feedback from the maintainers about this.
I'd like to add an option to disable reporting ACCESS_KEY_IDs in the output of `git secrets --aws-provider`, and `git secrets --register-aws`. Something like `--ignore-access-keys`.
The argument for this is that access ids aren't secret information in the AWS control panel; they're available to anyone with the `iam:ListAccessKeys`, they're used as a parameter for various API calls, and they're able to be searched for in the IAM dashboard. This leads me to think of them more like usernames than secrets. It's also very useful to have them available when debugging access issues.
What're your thoughts on this? Are we doing something horribly wrong by allowing plaintext access keys, or should git-secrets support only searching for secret access keys? Would it be reasonable to consider making this a default behavior?
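Added example, not part of the original post and not git-secrets' own code: a sketch of how a scanner could always report secret access keys while making access key ID reporting optional, as the proposed `--ignore-access-keys` flag would. The function names and both regular expressions are simplified assumptions, and the sample file is constructed from AWS's documented example credentials.

```bash
#!/usr/bin/env bash
# Simplified, assumed patterns for illustration (not git-secrets' own patterns).
KEY_ID_RE='(AKIA|ASIA)[A-Z0-9]{16}'
SECRET_RE="secret[a-z_]*[[:space:]]*[=:][[:space:]]*[\"']?[A-Za-z0-9/+]{40}"

# Constructed sample: AWS's documented example key pair in a credentials file.
make_sample() {
  local f
  f=$(mktemp)
  printf '%s\n' '[default]' \
    'aws_access_key_id = AKIAIOSFODNN7EXAMPLE' \
    'aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' > "$f"
  echo "$f"
}

# scan_aws_keys [--ignore-access-keys] FILE
# Prints "FILE:LINE:KIND" for each finding; returns 1 if anything was reported.
scan_aws_keys() {
  local ignore_ids=0 file found=0 hits n
  if [ "$1" = "--ignore-access-keys" ]; then
    ignore_ids=1
    shift
  fi
  file=$1

  # Secret access keys are reported regardless of the option.
  hits=$(grep -inE "$SECRET_RE" "$file" | cut -d: -f1 || true)
  for n in $hits; do
    echo "$file:$n:secret_access_key"
    found=1
  done

  # Access key IDs are reported only when the caller has not opted out.
  if [ "$ignore_ids" -eq 0 ]; then
    hits=$(grep -nE "$KEY_ID_RE" "$file" | cut -d: -f1 || true)
    for n in $hits; do
      echo "$file:$n:access_key_id"
      found=1
    done
  fi
  return "$found"
}
```

With the option set, a file that contains only an access key ID passes the scan, while a file containing the secret access key still fails it.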