
Additional Kubernetes Secret Detections #1513

Open
@rgmz

Description

@rgmz
1. Kubernetes Secrets as JSON

    Refactor kubernetes-secret rule #1462 covers YAML but not JSON.

2. Detect StringData Secrets

    Add a rule for stringData in the future.

    Originally posted by @rgmz in Refactor kubernetes-secret rule #1462

3. Other types of secret resources

    It might be interesting to add a rule for special resources such as ExternalSecret or SopsSecrets and work on an absence of special characters. For example, one could flag an ExternalSecret resource if for each key within the spec.target.template.data field "{{" and "}}" are missing. Similarly, for SopsSecret it would be sufficient to check for the "sops:" field. Of course, you could also add a custom .gitleaks.toml for these personal use cases.

    Would like to hear your thoughts about this.

    Originally posted by @marcm-ml in Refactor kubernetes-secret rule #1462 (comment)
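Added example (not gitleaks code, and not a rule the project ships): a small Go scanner that implements the three checks requested above over constructed sample manifests. It reports every key under a Secret's data or stringData whether the manifest is YAML or JSON, flags ExternalSecret spec.target.template.data values that carry no "{{" and "}}" template markers, and flags a SopsSecret that has no top-level sops: block. The function names, the rule IDs (kubernetes-secret-stringdata, external-secret-literal, sops-secret-unencrypted) and the sample manifests are this example's own inventions; the YAML side is a deliberately small indentation walker for block-style manifests, not a full YAML parser.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// kindRe reads the resource kind from a top-level YAML `kind: X` line or a JSON `"kind": "X"` member.
var kindRe = regexp.MustCompile(`(?m)(?:^kind|"kind")\s*:\s*"?([A-Za-z]+)"?`)
func indent(l string) int { return len(l) - len(strings.TrimLeft(l, " ")) }

// section returns the non-blank lines nested under the first line that is exactly `name:`
// (indentation is the block boundary); nil means the key is absent.
func section(text, name string) []string {
	lines := strings.Split(text, "\n")
	for i, l := range lines {
		if strings.TrimSpace(l) == name+":" {
			out := []string{}
			for _, c := range lines[i+1:] {
				if t := strings.TrimSpace(c); t != "" && indent(c) <= indent(l) {
					break
				} else if t != "" {
					out = append(out, c)
				}
			}
			return out
		}
	}
	return nil
}

// entries parses the direct `key: value` children of a section (its shallowest indent), unquoting values.
func entries(sec []string) map[string]string {
	out := map[string]string{}
	for _, l := range sec {
		if indent(l) == indent(sec[0]) {
			k, v, _ := strings.Cut(strings.TrimSpace(l), ":")
			out[k] = strings.Trim(strings.TrimSpace(v), `"'`)
		}
	}
	return out
}

// fieldEntries returns the keys under a top-level field: encoding/json for JSON, the indent walker for YAML.
func fieldEntries(text, field string) map[string]string {
	if !strings.HasPrefix(strings.TrimSpace(text), "{") {
		return entries(section(text, field))
	}
	out := map[string]string{}
	var doc map[string]json.RawMessage
	if json.Unmarshal([]byte(text), &doc) == nil {
		json.Unmarshal(doc[field], &out) // an absent or non-object field leaves out empty
	}
	return out
}

// ScanManifest applies the issue's three checks and returns sorted "rule: key" findings (hypothetical rule IDs).
func ScanManifest(text string) []string {
	var fs []string
	kind := append(kindRe.FindStringSubmatch(text), "", "")[1] // "" when no kind was found
	switch kind {
	case "Secret": // data (base64) and stringData (plaintext) both carry the secret material
		for field, rule := range map[string]string{"data": "kubernetes-secret", "stringData": "kubernetes-secret-stringdata"} {
			for k := range fieldEntries(text, field) {
				fs = append(fs, rule+": "+k)
			}
		}
	case "ExternalSecret": // spec.target.template.data values should be Go templates, not literals
		tmpl := strings.Join(section(text, "template"), "\n")
		for k, v := range entries(section(tmpl, "data")) {
			if !strings.Contains(v, "{{") || !strings.Contains(v, "}}") {
				fs = append(fs, "external-secret-literal: "+k)
			}
		}
	case "SopsSecret": // without a top-level sops: block, sops never encrypted this resource
		if section(text, "sops") == nil {
			fs = append(fs, "sops-secret-unencrypted: sops")
		}
	}
	sort.Strings(fs)
	return fs
}

// Constructed sample manifests for the demo; every value is a placeholder, not a real credential.
const secretJSON = `{"kind": "Secret", "data": {"password": "aHVudGVyMg=="}, "stringData": {"api-token": "tok-example-1234"}}`
const secretYAML = "kind: Secret\nstringData:\n  api-token: tok-example-1234\n  db-url: postgres://app:hunter2@db:5432/app\n"
const sopsSecretYAML = "kind: SopsSecret\nspec:\n  secretTemplates:\n    - name: app\n      stringData:\n        token: tok-example-1234\n"
const externalSecretYAML = `kind: ExternalSecret
spec:
  target:
    template:
      data:
        username: "{{ .user }}"
        password: hunter2
`

func main() {
	fmt.Println(ScanManifest(secretJSON), ScanManifest(secretYAML), ScanManifest(externalSecretYAML), ScanManifest(sopsSecretYAML))
}
```

Run it with go run; it prints the findings for each sample (password and api-token from the JSON Secret, both stringData keys from the YAML Secret, the literal password in the ExternalSecret template, and the missing sops: block). One caveat before turning any of this into a .gitleaks.toml rule: gitleaks rules are Go regular expressions (RE2 syntax, no lookahead or lookbehind), so the "absence of {{ and }}" condition cannot be written as a negative lookahead. A regex-only rule would have to match a template value through a negated class such as [^{}\n]+, and even then it cannot tell spec.target.template.data from any other data: block in the file, which is why this example does the structural part in code rather than in the pattern.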
