an invention by mdati
Description
Scope here is to prevent reserved data or generally "unwanted", to be pushed and saved on a public repository, i.e. on Github, causing disclosure or leaking of reserved informations.
The above definition of reserved or "unwanted" may vary, depending on the context: sometime secret keys or password are stored in data or configuration files or hardcoded in source code and depending on the scope of the archive or the level of security, it can be either wanted, permitted or not at all.
As main target here, secrets will be registration keys or passwords, to be detected and managed locally or in a C.I. pipeline.
Goals
Detection:
- Local detection: detect secret words present in local files;
- Remote detection: detect secrets in files, in pipelines, going to be transferred on a remote repository, i.e. via
git push;
Reporting:
- report the result of detection on stderr and/or log files, noticed excluding the secret values.
Acton:
- Manage the detection, by either deleting or masking the impacted code or deleting/moving the file itself or simply notify it.
Resources
- Project repository, published on Github (link): m-dati/hkwk24;
- Reference folder: hkwk24/chksecret;
- First pull request (link): PR#1;
- Second PR, for improvements: PR#2;
- README.md and TESTS.md documentation files available in the repo root;
- Test subproject repository, for testing CI on push [TBD].
Notes
We use here some examples of secret words, that still can be improved.
The various patterns to match desired reserved words are written in a separated module, to be on demand updated or customized.
[Legend: TBD = to be done]
Looking for hackers with the skills:
This project is part of:
Hack Week 24
Activity
Comments
-
6 months ago by mdati | Reply
This project was completed at a first phase: a simple python program to inspect a desired local perl(but not only) code file (see links in Resources).
Next step should be to set a workflow and make it running on code going to be published on a remote repo: but this will come next [TBD]
Bye !
Reply to mdati
This project was completed at a first phase: a simple python program to inspect a desired local perl(but not only) code file (see links in Resources).
Next step should be to set a workflow and make it running on code going to be published on a remote repo: but this will come next [TBD]
Bye !
# A First Level Header ## A Second Level Header Use one asterisk to *emphasize* Use two asterisks for **strong emphasis** - Use hyphens - for unordereed - lists This is an [link to example.com](http://example.com/) This is an image  This is a user link @hans This is a project link hw#some-cool-title
Similar Projects
This project is one of its kind!