Bug description
git-secrets --register-aws registers patterns for classic AWS credential types (AKIA, ASIA, AGPA, etc.) but does not cover AWS Bedrock API keys, which use a distinct short-lived credential format.
A developer using Bedrock who runs git-secrets --register-aws will see no warnings when committing Bedrock credentials, creating a false sense of security.
PR #271 (open since October 2025) attempts to add a Bedrock pattern but has not been merged. This issue documents the gap so it is tracked independently of that PR.
To reproduce
- Install git-secrets and run git-secrets --register-aws
- Create a file containing a Bedrock short-lived credential
- Attempt to commit — git-secrets does not block it
Expected behavior
--register-aws should cover all active AWS credential types, including Bedrock API keys, or the documentation should explicitly state which credential types are not covered so users know to add patterns manually.
Environment
- git-secrets version: latest (master)
- OS: Linux / macOS
References
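The report notes that users may have to add patterns manually. As an added example (not code from git-secrets or from PR #271), the script below shows one way to define, sanity-check and register such patterns. The two key prefixes, the minimum length of 40 and all function names are assumptions made for illustration, so confirm the key format against current AWS documentation before relying on it.

```shell
#!/usr/bin/env bash
# Added example, not part of git-secrets.
# ASSUMPTION: short-term Bedrock API keys are "bedrock-api-key-" followed by
# base64 text, and long-term keys are "ABSK" followed by base64 text.
BEDROCK_SHORT_TERM='bedrock-api-key-[A-Za-z0-9+/=_-]{40,}'
BEDROCK_LONG_TERM='ABSK[A-Za-z0-9+/=]{40,}'

# Return 0 when the file holds text matching either pattern.
# git-secrets patterns are egrep-compatible, so grep -E is a fair dry run.
bedrock_key_in_file() {
  LC_ALL=C grep -Eq -e "$BEDROCK_SHORT_TERM" -e "$BEDROCK_LONG_TERM" -- "$1"
}

# Check the patterns against constructed samples before trusting them:
# two fake keys that must match and one harmless line that must not.
self_check() {
  local dir filler rc=0
  dir=$(mktemp -d) || return 1
  # Constructed filler: "QUJD" repeated 12 times (48 characters).
  filler=$(printf 'QUJD%.0s' 1 2 3 4 5 6 7 8 9 10 11 12)
  printf 'token=bedrock-api-key-%s\n' "$filler" > "$dir/short.txt"
  printf 'token=ABSK%s\n' "$filler" > "$dir/long.txt"
  printf 'see bedrock-api-key-<redacted> in the vault\n' > "$dir/clean.txt"
  bedrock_key_in_file "$dir/short.txt" || rc=1
  bedrock_key_in_file "$dir/long.txt" || rc=1
  if bedrock_key_in_file "$dir/clean.txt"; then rc=1; fi
  rm -rf "$dir"
  return "$rc"
}

# Add both patterns to the current repository's git-secrets configuration.
register_bedrock_patterns() {
  git secrets --add "$BEDROCK_SHORT_TERM" &&
    git secrets --add "$BEDROCK_LONG_TERM"
}

# Run as: ./bedrock-patterns.sh --register   (from inside the repository)
if [ "${1:-}" = "--register" ]; then
  self_check && register_bedrock_patterns
fi
```

After registering, `git secrets --list` shows the stored patterns and `git secrets --scan` checks the working tree against them.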