
Conversation

@jmagee70 jmagee70 commented Feb 6, 2024

No description provided.

@prisma-cloud-devsecops prisma-cloud-devsecops bot left a comment

Prisma Cloud has found errors in this PR ⬇️

const SEC_2 = "eyJrIjoiNUwyZU7TMmRxQXNVcnR7UXB0ME4zYkhRaTk2STVhR0MiLCJuIjoidGVtcCIsImlkIjoxfQ=="
const SEC_3 = "dsapi45202d12abdce73c004a9e0be24a21b2"
const AWS_User=Admin
const AWSUser_Password="idsuhgpry9349ge485rgh5gn594g45"
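
Review bot: `const AWS_User=Admin` assigns the bare identifier `Admin`, not the string "Admin"; as JavaScript this line throws a ReferenceError at load unless `Admin` is declared elsewhere, so quote it if a literal was intended. More importantly, that user name and the `AWSUser_Password` literal on the next line are credentials committed in plaintext; read them from the environment or a secret store at runtime and keep the literal out of the repository, since it stays in git history even after a later commit removes it.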

LOW  Base64 High Entropy String detected in code
    Resource: e8d18673b2be9b3016068b9cc985d9b3c828b702 | Checkov ID: CKV_SECRET_6

Description

Entropy checks help detect unstructured secrets by measuring the entropy level of a single string.
Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters.
Strings with a high entropy score are flagged as suspected secrets.

@@ -0,0 +1,11 @@
const SEC_1 = "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"
const SEC_2 = "eyJrIjoiNUwyZU7TMmRxQXNVcnR7UXB0ME4zYkhRaTk2STVhR0MiLCJuIjoidGVtcCIsImlkIjoxfQ=="
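
Review bot: `SEC_2` is not an opaque blob; it is base64 (the `eyJ` prefix is `{"` encoded) of a JSON object that ends in `"n":"temp","id":1}`, so anyone who decodes the literal recovers the key material directly. Base64 is an encoding, not a protection, and the encoded form is long and varied enough to trip the entropy check as well as the Grafana pattern. If this is meant as a test fixture, use a value that decodes to an obviously fake key; otherwise load it at runtime instead of committing it.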

LOW  Grafana Token detected in code
    Resource: f9211d97d53b71f98c81ca5fe8aad09ad956e7c1 | Checkov ID: CKV_SECRET_46

Description

The Grafana API key is a randomly generated string that external systems use to interact with Grafana HTTP APIs.
When you create an API key, you specify a Role that determines the permissions associated with the API key.
Role permissions control what actions the API key can perform on Grafana resources.

@@ -0,0 +1,11 @@
const SEC_1 = "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"
const SEC_2 = "eyJrIjoiNUwyZU7TMmRxQXNVcnR7UXB0ME4zYkhRaTk2STVhR0MiLCJuIjoidGVtcCIsImlkIjoxfQ=="
const SEC_3 = "dsapi45202d12abdce73c004a9e0be24a21b2"

LOW  Databricks Authentication Token detected in code
    Resource: bf211b2046d950ff1637fa386d24008a76b4a267 | Checkov ID: CKV_SECRET_33

Description

To authenticate to and access Databricks REST APIs, you can use Databricks personal access tokens or passwords.
Databricks strongly recommends that you use tokens.
Tokens replace passwords in an authentication flow and should be protected like passwords.

To protect tokens, Databricks recommends that you store tokens in:

  • Secret management and retrieve tokens in notebooks using the Secrets utility (dbutils.secrets).
  • A local key store and use the Python keyring package to retrieve tokens at runtime.

provider "aws" {
# checkov:skip=CKV_SECRET_2:nah
access_key = "AKIAIOSFODNN7EXAMPLE"
secret_key = "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"
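
Review bot: the inline suppression `# checkov:skip=CKV_SECRET_2:nah` names only CKV_SECRET_2, so the `secret_key` line is still reported by CKV_SECRET_6 (the entropy check), and the reason string `nah` gives a future reader no justification at all. A skip should state why the finding is a false positive, and a provider block with literal `access_key`/`secret_key` arguments rarely is one: the AWS provider can take credentials from the environment or a shared credentials profile, so drop both arguments rather than suppressing the check.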

LOW  Base64 High Entropy String detected in code
    Resource: c00f1a6e4b20aa64691d50781b810756d6254b8e | Checkov ID: CKV_SECRET_6

Description

Entropy checks help detect unstructured secrets by measuring the entropy level of a single string.
Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters.
Strings with a high entropy score are flagged as suspected secrets.

const SEC_3 = "dsapi45202d12abdce73c004a9e0be24a21b2"
const AWS_User=Admin
const AWSUser_Password="idsuhgpry9349ge485rgh5gn594g45"
const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472"

MEDIUM  CircleCI Personal Token detected in code (Invalid)
    Resource: dc2d287afbb58f52653293de4a2d49cbf3d9c293 | Checkov ID: CKV_SECRET_29

Description

To use the CircleCI API or view details about your pipelines, you will need API tokens with the appropriate permissions.
This document describes the types of API tokens available, as well as how to create and delete them.
There are two types of API token you can create within CircleCI.
Personal: These tokens are used to interact with the CircleCI API and grant full read and write permissions.
Project: These tokens allow you to read/write information for specific projects.
Project tokens have three scope options: Status, Read Only, and Admin.

  • Status tokens grant read access to the project's build statuses.
    Useful for embedding status badges.
  • Read Only tokens grant read only access to the project's API.
  • Admin tokens grant read and write access for the project's API.

const AWS_User=Admin
const AWSUser_Password="idsuhgpry9349ge485rgh5gn594g45"
const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472"
const JIRA = "5FP0NmFYz81U32XdjNb42762"
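
Review bot: the variable names `CIRCLE_CI` and `JIRA` tell a reader exactly which service each value unlocks, and the scanner reported the CircleCI token as invalid rather than unrecognised, so its shape (40 hex characters) still matches a real personal token. If these lines are fixtures for exercising the scanner, use values that cannot be mistaken for live credentials; if they are real, they belong in CI-provided secrets, not in source, and any token that was ever valid should be revoked now that it sits in git history.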

LOW  Atlassian Oauth2 Key detected in code
    Resource: ca5a7a58eecd8ca88771b5c8d82ea36e1560a968 | Checkov ID: CKV_SECRET_25

Description

OAuth is an authorization protocol that contains an authentication step.
OAuth allows a user (resource owner) to grant a third-party application (consumer/client) access to their information on another site (resource).
This process is commonly known as the OAuth dance.
Jira uses 3-legged OAuth (3LO), which means that the user is involved by authorizing access to their data on the resource (as opposed to 2-legged OAuth, where the user is not involved).
In Jira, a client is authenticated as the user involved in the OAuth dance and is authorized to have read and write access as that user.
The data that can be retrieved and changed by the client is controlled by the user's permissions in Jira.
The authorization process works by getting the resource owner to grant access to their information on the resource by authorizing a request token.
This request token is used by the consumer to obtain an access token from the resource.
Once the client has an access token, it can use the access token to make authenticated requests to the resource until the token expires or is revoked.

@@ -0,0 +1,11 @@
const SEC_1 = "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"

MEDIUM  GitHub Token detected in code (Invalid)
    Resource: 6603678868691924456b30351161ae07204441c6 | Checkov ID: CKV_SECRET_43

Description

GitHub Personal Access Token

Personal access tokens (PATs) are an alternative to using passwords for authentication to GitHub when using the GitHub API or the command line.
If you want to use a PAT to access resources owned by an organization that uses SAML SSO, you must authorize the PAT.

GitHub OAuth Access Token

GitHub's OAuth implementation supports the standard authorization code grant type and the OAuth 2.0 Device Authorization Grant for apps that don't have access to a web browser.
If you want to skip authorizing your app in the standard way, such as when testing your app, you can use the non-web application flow.
To authorize your OAuth app, consider which authorization flow best fits your app.

GitHub App Token

After you create a GitHub App, you'll need to generate one or more private keys.
You'll use the private key to sign access token requests.
You can create multiple private keys and rotate them to prevent downtime if a key is compromised or lost.

GitHub Refresh Token

To enforce regular token rotation and reduce the impact of a compromised token, you can configure your GitHub App to use expiring user access tokens.
Expiring user tokens expire after 8 hours.
When you receive a new user-to-server access token, the response will also contain a refresh token, which can be exchanged for a new user token and refresh token.
Refresh tokens are valid for 6 months.
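
The bot's findings above combine two mechanisms: prefix patterns for known token formats (the GitHub and AWS checks) and a Shannon-entropy score on string literals (CKV_SECRET_6), with inline `checkov:skip=` comments suppressing a single check id. The toy scanner below, added here as an illustration and not Checkov's or Prisma Cloud's code, reproduces that behaviour on a constructed file shaped like the one under review. The check ids are the ones the bot reported; the regexes, the entropy thresholds (modelled on detect-secrets defaults), the 20-character minimum and the rule that a skip comment applies only to the next line are all my assumptions.

```python
"""Toy secret scanner: prefix patterns plus Shannon-entropy checks, with
inline `checkov:skip=` suppressions applied per check id (my own code; it
mimics the behaviour shown in the bot comments, it is not Checkov)."""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumed thresholds, modelled on detect-secrets defaults (4.5 bits per
# character for base64-looking strings, 3.0 for hex-looking ones); Checkov's
# own values are not consulted here.
BASE64_LIMIT = 4.5
HEX_LIMIT = 3.0
MIN_LEN = 20  # assumed: shorter literals are ignored to cut false positives

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
BASE64_RE = re.compile(r"^[A-Za-z0-9+/=_-]+$")  # standard and URL-safe alphabets
QUOTED_RE = re.compile(r"""["']([^"']+)["']""")
SKIP_RE = re.compile(r"checkov:skip=([A-Z0-9_]+)(?::(.*))?")

# Check ids are the ones reported on this PR; the regexes are my approximations.
PATTERN_CHECKS = {
    "CKV_SECRET_2": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),     # AWS access key id
    "CKV_SECRET_43": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),  # GitHub classic PAT
}
ENTROPY_CHECK = "CKV_SECRET_6"


@dataclass(frozen=True)
class Finding:
    line_no: int
    check_id: str
    value: str
    detail: str


def shannon_entropy(s: str) -> float:
    """Bits per character: log2(n) when all n characters differ, 0 when all are equal."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def entropy_detail(value: str) -> Optional[str]:
    """Describe why `value` looks like a high-entropy hex or base64 secret, else None."""
    if len(value) < MIN_LEN:
        return None
    h = shannon_entropy(value)
    if HEX_RE.match(value):
        return f"hex entropy {h:.2f} > {HEX_LIMIT}" if h > HEX_LIMIT else None
    if BASE64_RE.match(value):
        return f"base64 entropy {h:.2f} > {BASE64_LIMIT}" if h > BASE64_LIMIT else None
    return None


def scan(source: str) -> List[Finding]:
    findings: List[Finding] = []
    pending_skip: Optional[str] = None  # check id named by the preceding skip comment
    for line_no, line in enumerate(source.splitlines(), 1):
        if not line.strip():
            continue
        m = SKIP_RE.search(line)
        if m:
            # Assumed semantics: the skip applies to the next non-blank line only,
            # and only to the single check id it names (the reason is not checked).
            pending_skip = m.group(1)
            continue
        suppressed, pending_skip = pending_skip, None
        for check_id, pattern in PATTERN_CHECKS.items():
            if check_id == suppressed:
                continue
            for hit in pattern.finditer(line):
                findings.append(Finding(line_no, check_id, hit.group(0), "prefix pattern"))
        if ENTROPY_CHECK != suppressed:
            # The entropy check only scores quoted literals, so an unquoted
            # value such as `const AWS_User=Admin` is never examined.
            for value in QUOTED_RE.findall(line):
                detail = entropy_detail(value)
                if detail:
                    findings.append(Finding(line_no, ENTROPY_CHECK, value, detail))
    return findings


def check_ids_by_line(source: str) -> Dict[int, Set[str]]:
    out: Dict[int, Set[str]] = {}
    for f in scan(source):
        out.setdefault(f.line_no, set()).add(f.check_id)
    return out


# Constructed sample in the shape of the file under review; every value is fake.
SAMPLE_SOURCE = """\
const SEC_1 = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij"
const SEC_2 = "ZYXWVUTSRQPONMLKJIHGFEDCBA9876543210+/zy"
const GREETING = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
const AWS_User=Admin
# checkov:skip=CKV_SECRET_2:nah
access_key = "AKIAIOSFODNN7EXAMPLE"
secret_key = "0123456789abcdef0123456789abcdef"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.check_id} ({f.detail}) {f.value!r}")
```

Running it shows the behaviour the bot exhibited: line 1 is caught by both the GitHub pattern and the entropy check, the repeated-character literal on line 3 scores zero and is ignored, the skip comment silences CKV_SECRET_2 on the `access_key` line but has no effect on the `secret_key` line, whose 32 hex digits score 4.0 bits and are reported by CKV_SECRET_6.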
