hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15069) support git-secrets commit hook to keep AWS secrets out of git
Date Mon, 27 Nov 2017 12:05:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16266708#comment-16266708

Steve Loughran commented on HADOOP-15069:

no, only those lines were autogenerated. The rest were built by trial and error: running the
script and seeing what failed. The regexp and those strings are enough to keep the current
source code and any new commits happy. The regexp didn't work for old repos, so I tried to
insert the explicit strings, but eventually gave up.

The key thing is with this file, if the user installs the git secrets hook & registers
the AWS secrets, then they are kept out of source

> support git-secrets commit hook to keep AWS secrets out of git
> --------------------------------------------------------------
>                 Key: HADOOP-15069
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15069
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: build
>    Affects Versions: 3.0.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>         Attachments: HADOOP-15069-001.patch, HADOOP-15069-002.patch
> The latest Uber breach looks like it involved AWS keys in git repos.
> Nobody wants that, which is why amazon provide [git-secrets|https://github.com/awslabs/git-secrets];
a script you can use to scan a repo and its history, *and* add as an automated check.
> Anyone can set this up, but there are a few false positives in the scan, mostly from
longs and a few all-upper-case constants. These can all be added to a .gitignore file.
> Also: mention git-secrets in the aws testing docs; say "use it"

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message