How do I exclude a single secret from a truffleHog scan in a pipeline?

E.g.: I have a file mycode.py which contains 2 secrets:
myfakesecret : "ANSAJHSAKDKDMKADKAMCKSMKSMCKSCC"
MyOriginalSecret: "H%&&^DBSHDBHBBBS%^&&&DSD2343"
I want to ignore myfakesecret but not MyOriginalSecret in the truffleHog scan.
If I use --exclude_paths exclude-patterns.txt, where exclude-patterns.txt contains mycode.py, then the truffleHog scan will ignore both secrets.
Can I specify a secret hash or name, or any other way to exclude a secret rather than a complete file, so that it ignores a particular secret?

Ideally, your code does not include the sensitive secret at all.
That way, the truffleHog scan has nothing to ignore/exclude.
mycode.py should read that secret from a file/source outside the repository, at runtime (when you are executing the program).
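The question asks whether one known-fake string can be excluded by its hash rather than by excluding the whole file. The following is an added example, not code from the poster, the answerer or the truffleHog project: a post-filter that reads truffleHog's one-JSON-object-per-line output, hashes every reported string with SHA-256, drops findings whose strings are all on an allow-list of hashes, and exits non-zero if anything else remains. The field names it reads (path, reason, stringsFound) are assumed to follow truffleHog v2's --json output; the sample findings are constructed inline, and the only allow-listed hash is that of the fake secret from the question.

```python
import hashlib
import json
import sys
from typing import Dict, Iterable, List, Set

# SHA-256 hex digests of strings you deliberately accept, such as documented fake credentials.
# Keeping hashes rather than the literal means the allow-list itself never trips the scanner.
ALLOWED_HASHES: Set[str] = {
    hashlib.sha256(b"ANSAJHSAKDKDMKADKAMCKSMKSMCKSCC").hexdigest(),  # myfakesecret from the question
}


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode("utf-8")).hexdigest()


def filter_findings(lines: Iterable[str], allowed: Set[str]) -> List[Dict]:
    """Parse one JSON finding per line and keep only findings that still contain
    at least one string whose hash is not on the allow-list."""
    kept: List[Dict] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        finding = json.loads(raw)
        # truffleHog v2 lists the matched strings under "stringsFound" (assumed field name).
        strings = finding.get("stringsFound", [])
        unexplained = [s for s in strings if sha256_hex(s) not in allowed]
        if unexplained:
            finding["stringsFound"] = unexplained  # drop the allow-listed strings from the report
            kept.append(finding)
    return kept


# Constructed sample of truffleHog --json output: one finding per secret in mycode.py.
SAMPLE_OUTPUT = "\n".join([
    json.dumps({"path": "mycode.py", "reason": "High Entropy",
                "stringsFound": ["ANSAJHSAKDKDMKADKAMCKSMKSMCKSCC"]}),
    json.dumps({"path": "mycode.py", "reason": "High Entropy",
                "stringsFound": ["H%&&^DBSHDBHBBBS%^&&&DSD2343"]}),
])


def main(argv: List[str]) -> int:
    # Pipeline use (assumed invocation): trufflehog --json <repo> | python filter_findings.py
    # Run with --demo to use the constructed sample instead of stdin.
    source = SAMPLE_OUTPUT.splitlines() if "--demo" in argv else sys.stdin
    remaining = filter_findings(source, ALLOWED_HASHES)
    for f in remaining:
        print(f"{f.get('path')}: {f.get('reason')}: {f['stringsFound']}")
    return 1 if remaining else 0  # non-zero exit fails the pipeline stage


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Because the allow-list is keyed on the exact string, changing the fake value in mycode.py requires re-hashing it; the real secret is never allow-listed, so MyOriginalSecret still fails the stage, which is the behaviour the question asks for.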

Related

How should I perform the task

I have created a hosts file in GitLab as follows. I want to encrypt the password and I want to use it.
The hosts file is as follows:
[aix]
tusk12
raid12
[aix:vars]
ansible_ssh_user=San
ansible_ssh_password="{{ ssh_pass }}"
ansible_connection=ssh
How should I pass a value to ansible_ssh_password, and how should I use it in GitLab?
I set ansible_ssh_password=san123 and encrypted the whole file. I don't want to encrypt the whole file; I want to encrypt only the ansible_ssh_password value and use it in GitLab.

Bitbucket pipeline replacing text with variable?

I have a Bitbucket pipeline to push a Docker image. I've defined the variable $DOCKERHUB_USERNAME=example.
In my build step I have the line:
VERSION=$(npm run version --workspace=#example/core-web --silent)
When this runs, though, it's replacing #example with #$DOCKERHUB_USERNAME:
VERSION=$(npm run version --workspace=#$DOCKERHUB_USERNAME/core-web --silent)
How can I escape that text so Bitbucket doesn't try to replace it with the variable that's set to the same text? It just coincidentally is the same name, but they are not related.
If an environment variable is marked as a secret variable, Bitbucket activates a security feature that masks any accidental print of its value in the logs, replacing it with its variable name.
See https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/#Secured-variable-masking
Note this has no effect on the actual instructions being run: the value is only masked in the pipeline logs that are shown to you.
You should avoid such weak secrets. Using dictionary words that can legitimately show up in the logs will cause this security feature to expose the value of your secret, so that it could be inferred even if it was never deliberately printed.
If you do not want to set up a secured value because it is not truly a secret variable, simply configure the variable as a regular public variable.

How to add env variable to react

I have repeatedly kept my confidential information in the file, but I gave the name of the file. I'm looking at it and it seems wrong. What should I do now? I wrote the code well, but it looks wrong to me.
First you have to create a file named .env.
Then, in this file, you have to put the secret key value that you don't want to share or that is harmful to share.
Then you have to call the secret key name dynamically in your main file.
And most importantly, you have to add this .env (write .env) to your .gitignore file.
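The four steps above are a procedure, and the two that usually go wrong are the last two: the key gets pasted into a source file anyway, or .env is not actually covered by .gitignore. The following is an added example, not the answerer's code: a small check that parses a .env file, verifies that .gitignore ignores it (including the "!" negation case), and reports any .env value that appears literally in a source file. The .env contents, .gitignore, source snippets and key value are all constructed for the example. One caveat the answer does not state: in a browser-side React build the REACT_APP_* values are compiled into the JavaScript bundle, so .env keeps them out of the repository but not away from users of the site.

```python
import fnmatch
from typing import Dict, List

# Constructed .env for a Create React App project (CRA only exposes REACT_APP_* to the bundle).
SAMPLE_DOTENV = """
# local settings, never committed
export REACT_APP_API_URL=https://api.example.test
REACT_APP_API_KEY="k7Qx2mLp9Vt4wZs8bN1r"   # constructed sample key
DB_PASSWORD='n0t-f0r-the-br0wser'
"""

# Constructed .gitignore: ignores .env and .env.* but keeps a committed .env.example.
SAMPLE_GITIGNORE = """
node_modules/
build/
.env
.env.*
!.env.example
"""

# Constructed source files: App.js reads the key dynamically, legacy.js hard-codes it.
SAMPLE_SOURCES: Dict[str, str] = {
    "src/App.js": "const key = process.env.REACT_APP_API_KEY;\n"
                  "fetch(process.env.REACT_APP_API_URL, {headers: {'X-Key': key}});\n",
    "src/legacy.js": "const key = 'k7Qx2mLp9Vt4wZs8bN1r';\n",
}


def parse_dotenv(text: str) -> Dict[str, str]:
    """Minimal .env parser: KEY=VALUE lines, optional 'export ', single or double quotes,
    full-line and trailing unquoted '#' comments."""
    env: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value[:1] in ("'", '"'):
            end = value.find(value[0], 1)
            if end > 0:
                value = value[1:end]  # quoted: contents verbatim, anything after the quote ignored
        else:
            value = value.split(" #", 1)[0].rstrip()  # unquoted: strip a trailing comment
        env[key] = value
    return env


def gitignore_ignores(gitignore_text: str, filename: str) -> bool:
    """True if the last matching gitignore pattern is not a negation. Covers the simple cases
    for a top-level file: literal names, a leading '/', globs, and '!' negations."""
    ignored = False
    for raw in gitignore_text.splitlines():
        pattern = raw.strip()
        if not pattern or pattern.startswith("#"):
            continue
        negate = pattern.startswith("!")
        pattern = pattern.lstrip("!").lstrip("/")
        if pattern.endswith("/"):
            continue  # directory-only pattern cannot match a file
        if fnmatch.fnmatchcase(filename, pattern):
            ignored = not negate
    return ignored


def hardcoded_copies(env: Dict[str, str], sources: Dict[str, str], min_len: int = 8) -> List[str]:
    """Report 'file:KEY' wherever a .env value appears literally in a source file, i.e. the
    secret was pasted into code instead of being read at runtime. Values shorter than min_len
    are skipped because they would match by accident."""
    hits = []
    for path, code in sources.items():
        for key, value in env.items():
            if len(value) >= min_len and value in code:
                hits.append(f"{path}:{key}")
    return sorted(hits)


def check_project(dotenv_text: str, gitignore_text: str, sources: Dict[str, str]) -> List[str]:
    """Collect every problem a pre-commit check would flag; an empty list means clean."""
    problems = []
    if not gitignore_ignores(gitignore_text, ".env"):
        problems.append(".env is not listed in .gitignore")
    problems.extend(hardcoded_copies(parse_dotenv(dotenv_text), sources))
    return problems


if __name__ == "__main__":
    for problem in check_project(SAMPLE_DOTENV, SAMPLE_GITIGNORE, SAMPLE_SOURCES):
        print("problem:", problem)
```

Run from a pre-commit hook with the real files read from disk, a non-empty result should block the commit; the parser is deliberately minimal and does not cover variable expansion or multi-line values.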

Recursively copy the secrets from one VAULT path to another

I am trying to copy all the secrets, along with the subfolders, from one Vault path to another.
Example:
source = "/path/namespace/TEAM1/jenkins"
(note: the above source path consists of subfolders like job1, job2, job3, ... and all these subfolders contain the respective secrets in the form of key-value pairs)
destination="/path/namespace/team1/jenkins"
I am able to copy each secret manually to the destination folder, but I am wondering whether any code snippet would help me here, i.e. recursively copy all the secrets along with the respective sub-folders to the destination PATH.
Taking a Vault secret backup from one path to another, like:
input_path: secret/tmp1
output_path: secret/tmp2
With this Python script you can sync all secrets from secret/tmp1 to secret/tmp2.
You need to add input_path and output_path in the Python script, then just run it.
Link to the Python script:
https://github.com/vinamra1502/vault-backup-restore
With this script you can copy all secrets, along with the subfolders, from one Vault path to another.
E.g. secrets under secret/tmp1 are copied to the secret/tmp2 path.
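The recursion the linked script performs is short enough to show in full. The following is an added example, not the linked script and not the poster's code: a recursive copy over a KV store that follows Vault's list convention, where an entry ending in "/" is a sub-path with further secrets under it, and paths are case-sensitive, so TEAM1 and team1 are distinct as in the question. An in-memory store stands in for the Vault mount so the example runs offline; against a real server the three operations would map to hvac's list_secrets, read_secret_version and create_or_update_secret on secrets.kv.v2 (an assumed mapping, not shown on the page). The sample layout is constructed.

```python
from typing import Dict, List, Optional


class MemoryKV:
    """In-memory stand-in for a Vault KV mount so the example runs offline. Paths are
    'folder/sub/name'; list() follows Vault's convention of returning 'name/' for entries
    that have further secrets beneath them. Paths are case-sensitive, as in Vault."""

    def __init__(self) -> None:
        self.data: Dict[str, Dict[str, str]] = {}

    def write(self, path: str, secret: Dict[str, str]) -> None:
        self.data[path.strip("/")] = dict(secret)

    def read(self, path: str) -> Dict[str, str]:
        return dict(self.data[path.strip("/")])

    def list(self, path: str) -> List[str]:
        prefix = path.strip("/")
        prefix = prefix + "/" if prefix else ""
        keys = set()
        for stored in self.data:
            if stored.startswith(prefix):
                head, sep, _ = stored[len(prefix):].partition("/")
                keys.add(head + "/" if sep else head)  # 'x/' marks a sub-path, 'x' a secret
        return sorted(keys)


def copy_tree(kv, src: str, dst: str, copied: Optional[List[str]] = None) -> List[str]:
    """Recursively copy every secret below src to the same relative path below dst and
    return the destination paths written. Only the current value of each secret is copied;
    older versions and metadata stay behind, as they would with a read/write copy on Vault."""
    copied = [] if copied is None else copied
    src, dst = src.strip("/"), dst.strip("/")
    for key in kv.list(src):
        if key.endswith("/"):
            copy_tree(kv, f"{src}/{key}", f"{dst}/{key}", copied)  # sub-folder: recurse
        else:
            kv.write(f"{dst}/{key}", kv.read(f"{src}/{key}"))
            copied.append(f"{dst}/{key}")
    return copied


def build_sample_store() -> MemoryKV:
    """Constructed layout matching the question: jobs under TEAM1/jenkins, one with sub-paths,
    plus a sibling path that must not be touched."""
    kv = MemoryKV()
    kv.write("namespace/TEAM1/jenkins/job1", {"token": "job1-token"})
    kv.write("namespace/TEAM1/jenkins/job2/dev", {"password": "dev-pass"})
    kv.write("namespace/TEAM1/jenkins/job2/prod", {"password": "prod-pass"})
    kv.write("namespace/TEAM1/other", {"note": "sibling path, must not be copied"})
    return kv


if __name__ == "__main__":
    store = build_sample_store()
    for path in copy_tree(store, "namespace/TEAM1/jenkins", "namespace/team1/jenkins"):
        print("copied", path)
```

The token running such a copy needs list and read on the whole source subtree and create/update on the destination; scope it to those two paths rather than reusing an admin token, since the script holds every secret it moves in memory while it runs.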

What Can Access "App Settings Key Values"?

In a Microsoft Azure Web App Service, under Application Settings, there are key-value pair options within the App Settings option. If a developer has PHP or Python files in multiple directories, which of these directories and/or files would have access to these key-value pairs?
Example:
Suppose the developer has the following key value pair settings in App Settings:
Key: $variableString | Value: "My first example string."
Key: $variableNumber | Value: 1000
PHP files:
site\wwwroot\index.php
site\wwwroot\folderone\pageone.php
site\wwwroot\folderone\pagetwo.php
site\wwwroot\foldertwo\page.php
Would all these files have access to these variables, or would these files need to have a reference (and where?) to where these key-value pairs are saved, like an include pointer in each PHP file to the App Settings file (Azure doesn't show this as a file)?
Thanks.
They will be available as environment variables, so it doesn't matter where the file is.
If you set an app setting with key ITEM_COUNT and value 15, you could use:
$item_count = getenv('ITEM_COUNT');
Or:
$item_count = getenv('APPSETTING_ITEM_COUNT');
And $item_count would contain the string "15".
Anything that can access environment variables can access those, as they are environment variables. So Python would be able to; I'm not sure about PHP, since I know nothing about it, but I'm pretty sure it could.
In my code I just use this:
"{0}-{1}".format(os.getenv('LOCATION'), os.getenv('COMPUTERNAME'))
