GitHub secret scanner detects `'google-custom-search-api-key' => 'AIzaSyDpE01VDNNT73s6CEeJRdSg5jukoG244ek'` as a problem secret

drush-ops / drush

Drush is a command-line shell and scripting interface for Drupal, a veritable Swiss Army knife designed to make life easier for those who spend their working hours hacking away at the command prompt.

https://www.drush.org

2.33k stars 1.08k forks source link

GitHub secret scanner detects `'google-custom-search-api-key' => 'AIzaSyDpE01VDNNT73s6CEeJRdSg5jukoG244ek'` as a problem secret #6115

Open rfay opened 6 days ago

rfay commented 6 days ago

Describe the bug

GitHub's secret scanner detects this as a secret:

public function fetch($search = null, $options = ['image-viewer' => 'open', 'google-custom-search-api-key' => 'AIzaSyDpE01VDNNT73s6CEeJRdSg5jukoG244ek']

https://github.com/drush-ops/drush/blob/6a3f0cfe0abab49f42e83602469049506d75035d/examples/Commands/XkcdCommands.php#L25

It's probably private, but the scan alert is in

https://github.com/rfay/d11/security/secret-scanning/1

weitzman commented 6 days ago

That's ok. That code is not actually secret. If these alerts bother folks I suggest only scanning your customer code and not scanning dependencies.

rfay commented 6 days ago

This isn't a manual scan, it's an automatic GitHub check on checkin of code. And yes, I check in vendor because I'm lazy.

I'm surprised they haven't been pestering you over and over.