esl / MongooseIM

MongooseIM is Erlang Solutions' robust, scalable and efficient XMPP server, aimed at large installations. Specifically designed for enterprise purposes, it is fault-tolerant and can utilise the resources of multiple clustered machines.

Possible Exposed AWS Key #3958

Closed farisjarrah closed 1 year ago

farisjarrah commented 1 year ago

MongooseIM version: N/A
Installed from: N/A
Erlang/OTP version: N/A

Possible exposed AWS key in your repo. I found this key within a top comment on a repo search tool on Hacker News:

https://news.ycombinator.com/item?id=34691804
https://grep.app/search?current=2&q=AKIA%5B0-9A-Z%5D%7B16%7D&regexp=true
https://github.com/esl/MongooseIM/blob/master/test/aws_signature_v4_SUITE.erl#L8

Neustradamus commented 1 year ago

@esl team, have you seen this ticket?

chrzaszcz commented 1 year ago

@Neustradamus @farisjarrah thanks for reporting this. The SECRET_ACCESS_KEY is actually used only to set up the local minio instance for tests, and it is not a security risk. See https://github.com/esl/MongooseIM/blob/master/tools/setup_minio.sh#L13
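
Added example (not code from MongooseIM or from anyone in this thread): a small Python scanner that applies the regex from the grep.app query linked in the report to file contents and separates hits already confirmed as test fixtures from hits that still need triage. The fingerprint allowlist, the file names and the sample keys are assumptions constructed for illustration.

```python
import hashlib
import re

# Pattern from the grep.app query linked in the report (URL-decoded), with
# boundaries added so it does not fire inside longer alphanumeric runs.
AWS_KEY_ID = re.compile(r"(?<![0-9A-Z])AKIA[0-9A-Z]{16}(?![0-9A-Z])")


def fingerprint(key_id: str) -> str:
    """SHA-256 of the key ID, so the allowlist never stores the key itself."""
    return hashlib.sha256(key_id.encode()).hexdigest()


def mask(key_id: str) -> str:
    """Keep only the prefix and the last four characters for reports."""
    return key_id[:4] + "*" * 12 + key_id[-4:]


def scan(files: dict[str, str], known_fixtures: set[str]) -> list[dict]:
    """Return one finding per match; `files` maps path -> file content."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in AWS_KEY_ID.finditer(line):
                key_id = m.group(0)
                known = fingerprint(key_id) in known_fixtures
                findings.append({
                    "path": path,
                    "line": lineno,
                    "key": mask(key_id),
                    "status": "known-fixture" if known else "needs-triage",
                })
    return findings


# Constructed sample input (not MongooseIM's files). The first value is the
# example key ID from AWS documentation; the second is made up.
FIXTURE_KEY = "AKIAIOSFODNN7EXAMPLE"
SAMPLE_FILES = {
    "test/example_SUITE.erl": '-define(KEY, "' + FIXTURE_KEY + '").\n',
    "src/uploader.erl": "%% header\nkey() -> <<\"AKIA" + "Q" * 16 + "\">>.\n",
    "doc/notes.md": "id XAKIA" + "Q" * 16 + " is not a key\n",
}
# In a real repository only the fingerprint would be committed.
KNOWN_FIXTURES = {fingerprint(FIXTURE_KEY)}

if __name__ == "__main__":
    for f in scan(SAMPLE_FILES, KNOWN_FIXTURES):
        print(f"{f['path']}:{f['line']} {f['key']} {f['status']}")
```

A fingerprint belongs on the allowlist only after the owner has confirmed what the key is used for, as the maintainer does above; a path under `test/` is not evidence on its own.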