If you're a pentester, you might audit companies regularly. You might come across vendors that aren't known by the weboftrust command, and aren't public. If a vendor doesn't publish their account ID, I've wanted to avoid including it in my public vendor account list. I'm not sure if that decision is necessary (happy to discuss), but assuming that decision stays, then the question is, what do you do for vendors you know about? You don't want to have a private fork of CloudMapper just for that. So we could potentially have a private_vendor_accounts.yaml file.
If you're a pentester, you might audit companies regularly. You might come across vendors that aren't known by the
weboftrust
command, and aren't public. If a vendor doesn't publish their account ID, I've wanted to avoid including it in my public vendor account list. I'm not sure if that decision is necessary (happy to discuss), but assuming that decision stays, then the question is, what do you do for vendors you know about? You don't want to have a private fork of CloudMapper just for that. So we could potentially have aprivate_vendor_accounts.yaml
file.