Private Key

Bridgecrew Policy ID: BC_GIT_13
Severity: LOW

Description

This check detects private keys by determining whether commonly specified key attributes are present in the analyzed string.

DSA PRIVATE KEY
EC PRIVATE KEY
OPENSSH PRIVATE KEY
PGP PRIVATE KEY BLOCK
PRIVATE KEY
RSA PRIVATE KEY
SSH2 ENCRYPTED PRIVATE KEY
PuTTY-User-Key-File-2
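
The substring check described above can be sketched as follows. This is an added example, not Bridgecrew's implementation; the function name `scan`, the longest-marker-first ordering, the skipping of PEM footer lines, and the sample input are all assumptions made for illustration.

```python
# Added example: substring scan for the key attributes listed on this page.
MARKERS = [
    "DSA PRIVATE KEY",
    "EC PRIVATE KEY",
    "OPENSSH PRIVATE KEY",
    "PGP PRIVATE KEY BLOCK",
    "PRIVATE KEY",
    "RSA PRIVATE KEY",
    "SSH2 ENCRYPTED PRIVATE KEY",
    "PuTTY-User-Key-File-2",
]
# Longest first, so "RSA PRIVATE KEY" is reported instead of the generic
# "PRIVATE KEY" substring it also contains (assumption of this example).
_BY_SPECIFICITY = sorted(MARKERS, key=len, reverse=True)


def scan(text):
    """Return (line_number, marker) for each line that contains a marker."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for marker in _BY_SPECIFICITY:
            if marker in line:
                # Skip PEM footer lines so one key block gives one finding.
                if "-----END " not in line:
                    findings.append((lineno, marker))
                break
    return findings


# Constructed sample input; it contains no real key material.
SAMPLE = "\n".join([
    'db_host = "db.example.internal"',
    "-----BEGIN RSA PRIVATE KEY-----",
    "(constructed placeholder, no key material)",
    "-----END RSA PRIVATE KEY-----",
    "PuTTY-User-Key-File-2: ssh-rsa",
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
])

if __name__ == "__main__":
    for lineno, marker in scan(SAMPLE):
        # Report only the location and marker, never the matched content.
        print(f"line {lineno}: {marker}")
```

Because the match is a plain substring test, a comment or documentation line that merely mentions one of these attributes is flagged as well, so findings need a quick manual review.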

Fix - Buildtime

Multiple Services

Step 1: Revoke the exposed secret.

Step 2: Clean the git history.
Go to the Settings section of your GitHub project and choose the Change visibility button at the bottom.

Step 3: Inspect your application's access logs to ensure the key was not utilized during the compromised period.