Open · dinvlad opened this issue 1 year ago
Do Kubernetes Secrets themselves matter?
I mean that it is just yet another file with a YAML extension.
I wish TruffleHog would find the database connection string no matter where it is saved: appsettings.json, application.properties, or secrets.yaml.
Also, try to imagine that such a detector exists and finds such secrets: how should it verify them?
I don't think we should verify these; we just need to see that there's non-trivial data stored in the template.
Re: general-purpose database connection strings, agreed, though for example with the JDBC detector we've been getting some undesired noise: https://github.com/trufflesecurity/trufflehog/tree/main/pkg/detectors/jdbc
I do think that here we should just focus on detecting a base64-encoded value within the secret template, without necessarily trying to determine what it is (though that would be cool!).
Description
It would be great to be able to detect Kubernetes Secrets, provided it doesn't generate a lot of noise.
Problem to be Addressed
Currently, there doesn't appear to be a generic Kubernetes Secrets detector. I wonder if we could add a pattern for it.
Description of the Preferred Solution
We could add a pattern based on the YAML representation, something like:
Or would this approach generate a lot of false positives for "test" credentials?
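As an added, runnable sketch of what this issue and the "just detect the base64-encoded value in the secret template" comment are asking for (hypothetical example code written for this thread, not part of the issue and not a TruffleHog detector): it scopes to YAML documents with `kind: Secret`, base64-decodes the entries under `data:`, takes `stringData:` entries as plaintext (they are never base64 in a manifest), and drops placeholder or low-entropy values so that sample and test manifests produce less noise. The manifest, the placeholder list and the length/entropy thresholds are constructed for the example; a `ConfigMap` carrying the same base64 value is included to show the `kind` scoping.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"math"
	"strings"
)

// Finding is one candidate secret pulled out of a Kubernetes Secret manifest.
type Finding struct {
	Key   string // key under data: or stringData:
	Value string // decoded (data:) or raw (stringData:) value
	Field string // "data" or "stringData"
}

// placeholders are values common in sample/test manifests; assumed list for this example.
var placeholders = map[string]bool{
	"": true, "changeme": true, "password": true, "secret": true,
	"test": true, "admin": true, "placeholder": true, "xxx": true,
}

// shannonEntropy returns bits of entropy per character of s.
func shannonEntropy(s string) float64 {
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n := float64(len([]rune(s)))
	h := 0.0
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// isTrivial reports whether a value is a placeholder, too short, or too
// repetitive to be worth reporting. Thresholds (8 chars, 2.5 bits) are assumptions.
func isTrivial(v string) bool {
	lv := strings.ToLower(strings.TrimSpace(v))
	return placeholders[lv] || len(lv) < 8 || shannonEntropy(lv) < 2.5
}

func indent(line string) int { return len(line) - len(strings.TrimLeft(line, " ")) }

// isSecretDoc reports whether a YAML document declares kind: Secret (quotes tolerated).
func isSecretDoc(lines []string) bool {
	for _, l := range lines {
		t := strings.TrimSpace(l)
		if strings.HasPrefix(t, "kind:") && strings.Trim(t[len("kind:"):], " \"'") == "Secret" {
			return true
		}
	}
	return false
}

// ExtractSecrets scans text for YAML documents with kind: Secret and returns the
// non-trivial values under data: (base64) and stringData: (plaintext).
// Only simple "key: value" entries are handled; block scalars (|, >) are ignored.
func ExtractSecrets(text string) []Finding {
	var out []Finding
	for _, doc := range strings.Split(text, "\n---") {
		lines := strings.Split(doc, "\n")
		if !isSecretDoc(lines) {
			continue // ConfigMaps and other kinds are out of scope here
		}
		for i, l := range lines {
			field := strings.TrimSuffix(strings.TrimSpace(l), ":")
			if field != "data" && field != "stringData" {
				continue
			}
			base := indent(l)
			for _, e := range lines[i+1:] {
				if strings.TrimSpace(e) == "" {
					continue
				}
				if indent(e) <= base {
					break // end of the mapping
				}
				key, raw, ok := strings.Cut(strings.TrimSpace(e), ":")
				if !ok {
					continue
				}
				if c := strings.Index(raw, " #"); c >= 0 {
					raw = raw[:c] // drop a trailing YAML comment
				}
				val := strings.Trim(strings.TrimSpace(raw), "\"'")
				if field == "data" {
					b, err := base64.StdEncoding.DecodeString(val)
					if err != nil {
						continue // not valid base64: skip rather than guess
					}
					val = string(b)
				}
				if !isTrivial(val) {
					out = append(out, Finding{Key: key, Value: val, Field: field})
				}
			}
		}
	}
	return out
}

// SampleManifest is a constructed input: one Secret (with a placeholder, a real
// value, an empty value and a plaintext stringData entry) and one ConfigMap.
const SampleManifest = `
apiVersion: v1
kind: Secret
metadata:
  name: db-creds
type: Opaque
data:
  username: YWRtaW4=
  password: aHVudGVyMi1zdXBlci1zZWNyZXQ=   # hunter2-super-secret
  empty: ""
stringData:
  DATABASE_URL: postgres://app:Zz9vQ2p7@db.internal:5432/prod
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: not-a-secret
data:
  password: aHVudGVyMi1zdXBlci1zZWNyZXQ=
`

func main() {
	for _, f := range ExtractSecrets(SampleManifest) {
		fmt.Printf("%s.%s = %q\n", f.Field, f.Key, f.Value)
	}
}
```

Run against the sample, this reports `data.password` and `stringData.DATABASE_URL` and nothing else: `admin` is filtered as a placeholder, the empty value as trivial, and the ConfigMap because it is not `kind: Secret`. Whether that last exclusion is wanted is exactly the question raised in the thread; dropping the `isSecretDoc` check turns it into the generic "any base64 blob under data:" detector, at the cost of more noise.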