Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-15620 Über-jira: S3A phase VI: Hadoop 3.3 features
  3. HADOOP-15069

support git-secrets commit hook to keep AWS secrets out of git

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Patch Available
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0
    • Fix Version/s: None
    • Component/s: build
    • Labels:
      None
    • Target Version/s:

      Description

      The latest Uber breach looks like it involved AWS keys in git repos.

      Nobody wants that, which is why amazon provide git-secrets; a script you can use to scan a repo and its history, and add as an automated check.

      Anyone can set this up, but there are a few false positives in the scan, mostly from longs and a few all-upper-case constants. These can all be added to a .gitignore file.

      Also: mention git-secrets in the aws testing docs; say "use it"

        Attachments

        1. HADOOP-15069-002.patch
          5 kB
          Steve Loughran
        2. HADOOP-15069-001.patch
          2 kB
          Steve Loughran

          Activity

            People

            • Assignee:
              stevel@apache.org Steve Loughran
              Reporter:
              stevel@apache.org Steve Loughran
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated: