Secret Keyword
Bridgecrew Policy ID: BC_GIT_10
Severity: LOW
Description
This check attempts to identify non-standard secrets by matching the keyword conventions commonly used to name secrets in custom application code. The check uses the following keywords:
'api_?key',
'auth_?key',
'service_?key',
'account_?key',
'db_?key',
'database_?key',
'priv_?key',
'private_?key',
'client_?key',
'db_?pass',
'database_?pass',
'key_?pass',
'password',
'passwd',
'pwd',
'secret',
'contraseña',
'contrasena',
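A sketch of how a keyword list like this can be applied to source lines, as an added example that is not Bridgecrew's own code. The assignment pattern, the function name `find_keyword_secrets` and the sample input are assumptions made for illustration; only the keyword list comes from this page.

```python
import re

# Keyword patterns exactly as listed on this page ("_?" = optional underscore).
KEYWORDS = [
    "api_?key", "auth_?key", "service_?key", "account_?key", "db_?key",
    "database_?key", "priv_?key", "private_?key", "client_?key", "db_?pass",
    "database_?pass", "key_?pass", "password", "passwd", "pwd", "secret",
    "contraseña", "contrasena",
]

# Assumption: a finding is "<name containing a keyword> = or : <quoted literal>".
# The real check's matching rules are not described on the page.
ASSIGNMENT = re.compile(
    r"(?P<name>[\w.-]*(?:" + "|".join(KEYWORDS) + r")[\w.-]*)"
    r"""["']?\s*[:=]\s*(?P<quote>["'])(?P<value>[^"']+)(?P=quote)""",
    re.IGNORECASE,
)

def find_keyword_secrets(text):
    """Return (line_number, variable_name) for each keyword-named literal."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.search(line)
        if match:
            # Report the name only; never echo the candidate secret value.
            findings.append((number, match.group("name")))
    return findings

# Constructed sample input, not taken from any real repository.
SAMPLE = '''\
DB_PASS = "constructed-example-value"
apiKey: 'constructed-example-value'
password = os.environ["APP_PASSWORD"]
timeout = "30"
"client_key": "constructed-example-value"
contraseña = ""
'''

if __name__ == "__main__":
    for number, name in find_keyword_secrets(SAMPLE):
        print(f"line {number}: possible hard-coded secret in '{name}'")
```

In this sketch the environment lookup on line 3 and the empty string on line 6 are not reported, because only a non-empty quoted literal assigned to a keyword-named variable counts as a finding.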
Fix - Buildtime
Multiple services
Step 1: Revoke Secret.
Step 2: Clean the git history.
Go to the Settings section of your GitHub project and choose the Change visibility button at the bottom.
Step 3: Check your application access logs to ensure the key was not utilized during the compromised period.