Should 'secret_key' be added to the keyword plugin? #148
Labels
pending
The issue still needs to be reviewed by one of the maintainers.
Comments
|
Hi @mdscruggs, that's a good idea 👍 I'd have to do a decent amount of internal testing first, before adding that to the keyword blacklist, but it definitely sounds reasonable. I'll leave this open until I add it/do the internal testing. |
|
Interessed about it 👍 |
lorenzodb1
added
pending
|
We're going to close this issue as it hasn't received any update in a very long time. Feel free to re-open it if you think it's still relevant. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While trying out detect-secrets for the first time today, I noticed the term 'secret_key' is not present in the keyword plugin (see https://github.com/Yelp/detect-secrets/blob/master/detect_secrets/plugins/keyword.py#L38). This means it doesn't find the very common Django
SECRET_KEYvariable. I was wondering if folks think 'secret_key' should be added to the keyword plugin's blacklist...but as a newcomer to this library I wasn't sure if that would cause consternation, since it would basically point outSECRET_KEYfor any and all Django projects (if I understand the plugin correctly).Just looking to start the conversation! Thanks!
The text was updated successfully, but these errors were encountered: