Skip to content

Newsecrets #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jmagee70 wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Newsecrets #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
0093ff4
secretsupdate
jmagee70 Jul 24, 2023
134a62d
secrets
jmagee70 Jul 24, 2023
dbeed17
secretsupdate
jmagee70 Jul 24, 2023
2db862d
secrets updated
jmagee70 Jul 24, 2023
8ba743b
secrets
jmagee70 Jul 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions secrets.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
const SEC_1 = "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"
const SEC_2 = "eyJrIjoiNUwyZU7TMmRxQXNVcnR7UXB0ME4zYkhRaTk2STVhR0MiLCJuIjoidGVtcCIsImlkIjoxfQ=="
const SEC_3 = "dsapi45202d12abdce73c004a9e0be24a21b2"
const AWS_User=Admin
const AWSUser_Password="idsuhgpry9349ge485rgh5gn594g45"
const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472"
const JIRA = "5FP0NmFYz81U32XdjNb42762"
SEC_1 = "ghp_3xyKmc3fgfuhireuhgdeag"
SEC_2 = "eyJrIjoiNUwyZU7TMmRxQXNVcnR7UXB0ME4zYkhRaTk2STVhR0MiLCJuIjoidGVtcCIsImlkIjoxfQ=="
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  Base64 High Entropy Strings
    Resource: f9211d97d53b71f98c81ca5fe8aad09ad956e7c1 | Bridgecrew ID: BC_GIT_6 | Checkov ID: CKV_SECRET_6

Description

Entropy checks help detect unstructured secrets by measuring the entropy level of a single string. Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters. Strings with a high entropy score are flagged as suspected secrets.

SEC_3 = "dsapi45202d12abdce73c004a9e0be24a21b2"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  Databricks Authentication Token
    Resource: bf211b2046d950ff1637fa386d24008a76b4a267 | Bridgecrew ID: BC_GIT_33 | Checkov ID: CKV_SECRET_33

Description

To authenticate to and access Databricks REST APIs, you can use Databricks personal access tokens or passwords. Databricks strongly recommends that you use tokens. Tokens replace passwords in an authentication flow and should be protected like passwords. To protect tokens, Databricks recommends that you store tokens in: * Secret management and retrieve tokens in notebooks using the Secrets utility (dbutils.secrets). * A local key store and use the Python keyring package to retrieve tokens at runtime.

AWS_User=Admin
AWSUser_Password="idsuhgpry9349ge485rgh5gn594g45"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  Base64 High Entropy Strings
    Resource: e8d18673b2be9b3016068b9cc985d9b3c828b702 | Bridgecrew ID: BC_GIT_6 | Checkov ID: CKV_SECRET_6

Description

Entropy checks help detect unstructured secrets by measuring the entropy level of a single string. Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters. Strings with a high entropy score are flagged as suspected secrets.

CI = "2065ae463be5e534gnedribguirdegd44e7a776d472"
JIRA = "5FP0NmFYz81fgjdefguhreb42762"
provider "aws" {
# checkov:skip=CKV_SECRET_2:nah
access_key = "AKIAIOSFODNN7EXAMPLE"
secret_key = "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"
checkov:skip=CKV_SECRET_2:nah
access_key = "AKIAIOSfgherygh"
secret_key = "wJalrXUtnFEMI/K7MDfgkedrgjCYEXAMAAAKEY"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  Base64 High Entropy Strings
    Resource: 7bbfbc6b6bd1e018b6c41a921b640254b8508d16 | Bridgecrew ID: BC_GIT_6 | Checkov ID: CKV_SECRET_6

Description

Entropy checks help detect unstructured secrets by measuring the entropy level of a single string. Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters. Strings with a high entropy score are flagged as suspected secrets.

2 changes: 2 additions & 0 deletions secrets/config.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MEDIUM  CircleCI Personal Token (Invalid)
    Resource: dc2d287afbb58f52653293de4a2d49cbf3d9c293 | Bridgecrew ID: BC_GIT_29 | Checkov ID: CKV_SECRET_29

Description

To use the CircleCI API or view details about your pipelines, you will need API tokens with the appropriate permissions. This document describes the types of API tokens available, as well as how to create and delete them.

There are two types of API token you can create within CircleCI.
Personal: These tokens are used to interact with the CircleCI API and grant full read and write permissions.
Project: These tokens allow you to read/write information for specific projects. Project tokens have three scope options: Status, Read Only, and Admin. - Status tokens grant read access to the project’s build statuses. Useful for embedding status badges. - Read Only tokens grant read only access to the project’s API. - Admin tokens grant read and write access for the project’s API.

const JIRA = "5FP0NmFYz81U32XdjNb42762"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  Atlassian Oauth2 Keys
    Resource: ca5a7a58eecd8ca88771b5c8d82ea36e1560a968 | Bridgecrew ID: BC_GIT_25 | Checkov ID: CKV_SECRET_25

Description

OAuth is an authorization protocol that contains an authentication step. OAuth allows a user (resource owner) to grant a third-party application (consumer/client) access to their information on another site (resource). This process is commonly known as the OAuth dance. Jira uses 3-legged OAuth (3LO), which means that the user is involved by authorizing access to their data on the resource (as opposed to 2-legged OAuth, where the user is not involved).

In Jira, a client is authenticated as the user involved in the OAuth dance and is authorized to have read and write access as that user. The data that can be retrieved and changed by the client is controlled by the user's permissions in Jira.

The authorization process works by getting the resource owner to grant access to their information on the resource by authorizing a request token. This request token is used by the consumer to obtain an access token from the resource. Once the client has an access token, it can use the access token to make authenticated requests to the resource until the token expires or is revoked.

5 changes: 5 additions & 0 deletions secrets/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
provider "aws" {
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HIGH  AWS access keys and secrets are hard coded in infrastructure
    Resource: aws.default | Bridgecrew ID: BC_AWS_SECRETS_5 | Checkov ID: CKV_AWS_41

How to Fix

provider "aws" {
  region = var.region
  - access_key = "NOTEXACTLYAKEY"
  - secret_key = "NOTACTUALLYASECRET"
}

Description

When accessing AWS programmatically users can select to use an access key to verify their identity, and the identity of their applications. An access key consists of an access key ID and a secret access key. Anyone with an access key has the same level of access to AWS resources.

We recommend you protect access keys and keep them private. Specifically, do not store hard coded keys and secrets in infrastructure such as code, or other version-controlled configuration settings.

Benchmarks

  • PCI-DSS V3.2 2

# checkov:skip=CKV_SECRET_2:nah
access_key = "AKIAIOSFODNN7EXAMPLE"
secret_key = "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"
Comment on lines +3 to +4

Check failure

Code scanning / checkov

AWS Access Key

AWS Access Key
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  Base64 High Entropy Strings
    Resource: c00f1a6e4b20aa64691d50781b810756d6254b8e | Bridgecrew ID: BC_GIT_6 | Checkov ID: CKV_SECRET_6

Description

Entropy checks help detect unstructured secrets by measuring the entropy level of a single string. Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters. Strings with a high entropy score are flagged as suspected secrets.

}
Comment on lines +1 to +5

Check failure

Code scanning / checkov

AWS access keys and secrets are hard coded in infrastructure

AWS access keys and secrets are hard coded in infrastructure
Comment on lines +4 to +5

Check notice

Code scanning / checkov

Base64 High Entropy String

Base64 High Entropy String
4 changes: 4 additions & 0 deletions secrets/provider.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
provider "aws" {
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HIGH  AWS access keys and secrets are hard coded in infrastructure
    Resource: aws.default | Bridgecrew ID: BC_AWS_SECRETS_5 | Checkov ID: CKV_AWS_41

How to Fix

provider "aws" {
  region = var.region
  - access_key = "NOTEXACTLYAKEY"
  - secret_key = "NOTACTUALLYASECRET"
}

Description

When accessing AWS programmatically users can select to use an access key to verify their identity, and the identity of their applications. An access key consists of an access key ID and a secret access key. Anyone with an access key has the same level of access to AWS resources.

We recommend you protect access keys and keep them private. Specifically, do not store hard coded keys and secrets in infrastructure such as code, or other version-controlled configuration settings.

Benchmarks

  • PCI-DSS V3.2 2

access_key = "AKIAIOSFODNN7EXAMPLE"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HIGH  AWS Access Keys
    Resource: 25910f981e85ca04baf359199dd0bd4a3ae738b6 | Bridgecrew ID: BC_GIT_2 | Checkov ID: CKV_SECRET_2

Description

AWS Access Keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).

secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMAAAKEY"
Comment on lines +2 to +3

Check failure

Code scanning / checkov

AWS Access Key

AWS Access Key
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Jul 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  Base64 High Entropy Strings
    Resource: c00f1a6e4b20aa64691d50781b810756d6254b8e | Bridgecrew ID: BC_GIT_6 | Checkov ID: CKV_SECRET_6

Description

Entropy checks help detect unstructured secrets by measuring the entropy level of a single string. Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters. Strings with a high entropy score are flagged as suspected secrets.

}
Comment on lines +1 to +4

Check failure

Code scanning / checkov

AWS access keys and secrets are hard coded in infrastructure

AWS access keys and secrets are hard coded in infrastructure
Comment on lines +3 to +4

Check notice

Code scanning / checkov

Base64 High Entropy String

Base64 High Entropy String