Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-19353 Über-jira: S3A Hadoop 3.4.2 features
  3. HADOOP-15069

support git-secrets commit hook to keep AWS secrets out of git

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Patch Available
    • Minor
    • Resolution: Unresolved
    • 3.0.0
    • None
    • build
    • None

    Description

      The latest Uber breach looks like it involved AWS keys in git repos.

      Nobody wants that, which is why amazon provide git-secrets; a script you can use to scan a repo and its history, and add as an automated check.

      Anyone can set this up, but there are a few false positives in the scan, mostly from longs and a few all-upper-case constants. These can all be added to a .gitignore file.

      Also: mention git-secrets in the aws testing docs; say "use it"

      Attachments

        1. HADOOP-15069-001.patch
          2 kB
          Steve Loughran
        2. HADOOP-15069-002.patch
          5 kB
          Steve Loughran

        Activity

          People

            stevel@apache.org Steve Loughran
            stevel@apache.org Steve Loughran
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated: