Closed yilas closed 1 year ago
These resource prefixes are not for credential types. I don't think there is anything we can or should do with them.
These resource prefixes are not for credential types. I don't think there is anything we can or should do with them.
Hello ๐๐ป The general idea is to avoid spreading this kind of information. To be honest, I don't have a ยซ use case ยป in mind where I can show that this or that ID could be badly exploited. In parallel with this tool, I also look at how other tools like gitleaks work. This tool generates an alarm for the IDs listed in this issue. That's one of the reasons I suggested this addition.
I've previously removed these prefixes in this commit because they weren't credentials so we are not going to accept this change. Thank you. https://github.com/trufflesecurity/trufflehog/commit/b0547399843a772aff7338a731699fe62d4f6ca4
Community Note
Description
Some AWS unique ID prefixes are not detected by the application.
Problem to be Addressed
The chapter Understanding unique ID prefixes gives a list of unique ID prefixes.
I suggest to add the following prefixes :
AGPA
AIDA
ANPA
ANVA
AROA
ASCA