fix: only scan the AWS folder for AWS secrets

Konstantin Gukov requested to merge msft/1904/rm-aws-secret-precommit-check into master

Type of change

  • Bug Fix
  • Feature
  • Pipeline
  • Test
  • Documentation

Does this introduce a change in the core logic?

  • No
  • Yes

Does this introduce a change in the cloud provider implementation, if so which cloud?

  • AWS
  • Anthos
  • Azure
  • GCP
  • IBM

Does this follow conventional commits spec?

  • No
  • Yes

Have you set the target Milestone?

  • No
  • Yes

Have you set the no-detached-pipeline label?

  • No
  • Yes

Updates description?

Update this part with a description of your changes

This precommit check falsely detects AWS keys in the folders with C# build artifacts at src/cloud/providers/azure/sidecar.

This check is extremely basic. All it does is search all files, whether or not they are gitignored, for the AWS key regexp: https://github.com/blaircalderwood/scan-for-secrets/blob/master/src/constants.js

It is also not configurable, and one can't exclude certain folders from scanning.

In this MR, I point the check to the AWS folder instead of scanning through all the source files.

Down the road I suggest replacing this check with https://www.npmjs.com/package/detect-secrets or improving the existing tool, e.g. by contributing a folder exclusion feature.

Edited by Konstantin Gukov
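A folder-scoped hook in the spirit of this MR, added here as an example and not the project's or scan-for-secrets' own code: it lists only git-tracked files under one folder and greps them for strings shaped like AWS access key IDs, so gitignored build artifacts elsewhere in the tree (the sidecar output mentioned above) are never inspected. The regex is the common AKIA/ASIA form, assumed rather than copied from the linked constants.js, and the AWS folder path is a placeholder.

```shell
#!/bin/sh
# Added example, not the project's hook: scan only git-tracked files under one
# folder for strings shaped like AWS access key IDs.

# Assumed pattern (the common AKIA/ASIA form); replace with the project's own
# regexp from constants.js if it differs.
AWS_KEY_RE='(AKIA|ASIA)[A-Z0-9]{16}'

# scan_files: read one file path per line on stdin, report each line that
# matches AWS_KEY_RE, and return 1 if anything matched (0 when clean).
# -a treats binary files (e.g. C# build output) as text so -n still yields
# line numbers instead of a "Binary file matches" notice.
scan_files() {
  rc=0
  while IFS= read -r f; do
    [ -f "$f" ] || continue
    lines=$(grep -anE "$AWS_KEY_RE" -- "$f" | cut -d: -f1)
    if [ -n "$lines" ]; then
      for n in $lines; do
        echo "possible AWS access key ID: $f:$n"
      done
      rc=1
    fi
  done
  return "$rc"
}

# scan_tracked_dir: restrict the check to files git actually tracks under the
# given folder, so gitignored artifacts are never inspected.
scan_tracked_dir() {
  git ls-files -- "$1" | scan_files
}

# Hook entry point; the folder is a placeholder for the repo's AWS folder.
# Guarded so that sourcing this file only defines the functions.
if [ "${1:-}" = "--scan" ]; then
  scan_tracked_dir "${2:-path/to/aws-folder}"
fi
```

Wire it up as `.git/hooks/pre-commit` (or a pre-commit framework entry) with `--scan <aws-folder>`; a non-zero exit blocks the commit and the printed path:line tells the committer where to look.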