Updates the pattern for matching different types of AWS access keys
It currently only flags access keys that are prefixed with AKIA. AWS access keys can come in a few different formats, and without this change they would go undetected. Here is a list from AWS of different prefixes and what they are.
For instance ASIA is for temporary service token. This:
would be flagged by git-secrets and by gitleaks but not detect-secrets
It will flag other related AWS access keys one would probably want to be notified about.
No
This is the same pattern used in gitleaks (although pattern changed to be in alphabetical order), but not as detailed as git-secrets. The gitleaks pattern makes the most sense to me. It doesn't include every variation as explained here, just the ones that make sense.
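The detection gap described in this pull request, as an added example that is not the PR's code or the detect-secrets, gitleaks or git-secrets pattern. Assumptions: the prefix list is limited to the two prefixes named above (AKIA, ASIA), key IDs are a 4-character prefix plus 16 characters of `[A-Z0-9]`, and the helper names, boundary lookarounds and sample lines are constructed for illustration.

```python
import re

# Constructed sample lines. The AKIA value is AWS's documented example key ID;
# the others are variants of it made by changing the prefix, case or context.
SAMPLE_LINES = [
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
    "export AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE",
    "build tag XAKIAIOSFODNN7EXAMPLEZ",   # embedded in a longer token
    "comment: akiaiosfodnn7example",      # lowercase, not a key ID
]


def build_pattern(prefixes):
    """Compile a matcher for key IDs: one of the prefixes + 16 chars of [A-Z0-9]."""
    alternation = "|".join(re.escape(p) for p in sorted(prefixes))
    # Lookarounds (an assumption of this example) stop the pattern from
    # firing in the middle of a longer uppercase alphanumeric token.
    return re.compile(
        rf"(?<![A-Z0-9])(?:{alternation})[A-Z0-9]{{16}}(?![A-Z0-9])"
    )


def scan(lines, pattern):
    """Return (line_number, key_id) for every match; line numbers are 1-indexed."""
    return [
        (number, match.group(0))
        for number, line in enumerate(lines, 1)
        for match in pattern.finditer(line)
    ]


def missed_by(lines, narrow, broad):
    """Findings the broad pattern reports that the narrow pattern does not."""
    return sorted(set(scan(lines, broad)) - set(scan(lines, narrow)))


NARROW = build_pattern(["AKIA"])          # the behaviour before the change
BROAD = build_pattern(["AKIA", "ASIA"])   # also covers temporary credentials

if __name__ == "__main__":
    for number, key_id in missed_by(SAMPLE_LINES, NARROW, BROAD):
        print(f"line {number}: {key_id[:4]}... found only by the broader pattern")
```

Running the same comparison against a repository's history before widening a pattern shows how many existing findings the change would surface.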