Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignore tokens and keys in examples #1725

Merged
merged 1 commit into from
Jul 30, 2024
Merged

Conversation

lubosmj
Copy link
Member

@lubosmj lubosmj commented Jul 29, 2024

Even though these files have been already deprecated, some checkers still care about older branches.

[noissue]

.gitleaks.toml Outdated
@@ -1,5 +1,5 @@
[allowlist]
description = "Our test install exports a test only MINIO ACCESS KEY"
paths = [
files = [
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to stay "paths" - "files" is for specific-filenames (and is going to be deprecated soon anyway)

.gitleaks.toml Outdated
".github/workflows/scripts/install.sh",
"docs/workflows/authentication.rst",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think in this specific case, we're better served with a regexes = [ exact-key-here ] entry for the not-a-secret itself. Esp since this file is in history-only and won't be modifying the key ever again...

@ggainey
Copy link

ggainey commented Jul 29, 2024

Note for future investigators - the token in question is an example of a temporary token generated by pulp - it's never been able to give access to anything other than the transient test system that originally generated it.

@lubosmj lubosmj force-pushed the lubosmj-patch-gitleaks-token branch 3 times, most recently from 3f1182a to 8794975 Compare July 29, 2024 12:39
Even though these files have been already deprecated, some checkers still care about older branches.

[noissue]
@lubosmj lubosmj force-pushed the lubosmj-patch-gitleaks-token branch from 8794975 to 5ef9e61 Compare July 29, 2024 12:40
@lubosmj lubosmj changed the title Ignore a doc file with a token Ignore tokens and keys in examples Jul 29, 2024
@lubosmj lubosmj requested a review from ggainey July 29, 2024 12:41
@lubosmj lubosmj merged commit aa482bc into main Jul 30, 2024
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants