Best-effort detection of potentially secret variables - Githubissues

elastic / package-spec

EPR package specifications

Other

17 stars 71 forks source link

Best-effort detection of potentially secret variables #665

Closed jsoriano closed 10 months ago

jsoriano commented 10 months ago

What does this PR do?

Fails validation on variables that look like secrets and don't declare if they are secrets or not with the secret property.

This detection is based on two things:

The name of the variable contains strings like password, api_key or token.
The type of the variable is password.

Why is it important?

To encourage adoption of this feature to secure secrets in package policies.

Checklist

[x] I have added test packages to test/packages that prove my change is effective.
[x] I have added an entry in spec/changelog.yml.

Related issues

Part of https://github.com/elastic/elastic-package/issues/1554

elasticmachine commented 10 months ago

:green_heart: Build Succeeded

Buildkite Build
Commit: dfd6b9dbaa5bb9ba1e5f14eecd2d9c5ef37ba141

History

:green_heart: Build #404 succeeded 7a8c756f4f9694ca36decc300c37246330348edc
:green_heart: Build #402 succeeded ab39f42ade188c18b287e3e6730d7a8810b887e6

cc @jsoriano