[HADOOP-15069] support git-secrets commit hook to keep AWS secrets out of git - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Patch Available
Priority: Minor
Resolution: Unresolved
Affects Version/s: 3.0.0
Fix Version/s: None
Component/s: build
Labels:
None

Target Version/s:

3.5.0

Description

The latest Uber breach looks like it involved AWS keys in git repos.

Nobody wants that, which is why amazon provide git-secrets; a script you can use to scan a repo and its history, and add as an automated check.

Anyone can set this up, but there are a few false positives in the scan, mostly from longs and a few all-upper-case constants. These can all be added to a .gitignore file.

Also: mention git-secrets in the aws testing docs; say "use it"

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-15069-001.patch
23/Nov/17 15:37
2 kB
Steve Loughran
HADOOP-15069-002.patch
23/Nov/17 18:41
5 kB
Steve Loughran

Activity

People

Assignee:: Steve Loughran

Reporter:: Steve Loughran

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 23/Nov/17 15:23

Updated:: 04/Jan/24 11:25