Supporting passwords #6

Open
professor opened this issue Mar 13, 2018 · 2 comments
@professor

I noticed that in a recent leak, a couple of fields would not have been caught by cred-alert. At the time, we were not using cred-alert. We are now, and it would be nice to catch these situations.

ivyrepo_passwd: "snipped"
docker_password: snipped

@cf-gitbot

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this GitHub issue will be updated when the story is started.

@ghost

ghost commented Aug 15, 2018

I was wondering about this same thing.

The underlying question: what exactly constitutes a credential?

I scanned my .ssh directory, and it recognized PEM keys. I scanned my .aws/credentials and it found those easily.

What if I have a password in a Terraform file? For example:

my_rds_password = "abc"

Are these types of credentials supposed to get caught?
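
Added example, not part of the thread and not cred-alert's own code: one way to flag the kind of assignment both comments describe, a key whose name contains `passwd`, `password` or `pwd` set to a literal value in YAML or Terraform style. The regular expressions, the reference prefixes that are skipped, and the names `Finding` and `FindPasswordAssignments` are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding omits the value so that a scan report does not repeat the secret.
type Finding struct {
	Line int
	Key  string
}

// assignRe (assumed pattern): `key: value` or `key = value`, key containing
// passwd/password/pwd. refRe (assumed prefixes): variable or template references.
var (
	assignRe = regexp.MustCompile(`(?i)^\s*["']?([\w.-]*(?:passwd|password|pwd)[\w.-]*)["']?\s*[:=]\s*(.*?)\s*$`)
	refRe    = regexp.MustCompile(`^(\$|var\.|\(\(|\{\{)`)
)

// FindPasswordAssignments returns one Finding per non-empty literal value.
func FindPasswordAssignments(text string) []Finding {
	var out []Finding
	for i, line := range strings.Split(text, "\n") {
		m := assignRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		if v := strings.Trim(m[2], `"'`); v != "" && !refRe.MatchString(v) {
			out = append(out, Finding{Line: i + 1, Key: m[1]})
		}
	}
	return out
}

// sample: lines 1-3 are quoted in the thread, lines 4-6 are constructed.
const sample = `ivyrepo_passwd: "snipped"
docker_password: snipped
my_rds_password = "abc"
db_password = var.db_password
admin_password: ""
username: admin`

func main() {
	for _, f := range FindPasswordAssignments(sample) {
		fmt.Printf("line %d: %s\n", f.Line, f.Key)
	}
}
```

Matching on key names alone misses secrets stored under unrelated names, so a check like this complements format-based detection of private keys and cloud credentials rather than replacing it.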
