Skip to content

feat(rules): add Azure & GCP service-account key patterns to secret detector (#93)#99

Open
stevenmini2019 wants to merge 2 commits into
fu351:mainfrom
stevenmini2019:feat/issue-93-azure-gcp-secret-patterns
Open

feat(rules): add Azure & GCP service-account key patterns to secret detector (#93)#99
stevenmini2019 wants to merge 2 commits into
fu351:mainfrom
stevenmini2019:feat/issue-93-azure-gcp-secret-patterns

Conversation

@stevenmini2019

Copy link
Copy Markdown

Summary

Closes #93.

Adds detection for cloud service-account credential shapes that the original _CREDENTIAL_PATTERNS missed:

  • Azure Storage connection-string AccountKey=... (44-char base64)
  • Azure Service Bus / Event Hubs / IoT Hub SharedAccessKey=...
  • GCP service-account key JSON marker "type": "service_account"
  • GCP SA client email <name>@<project>.iam.gserviceaccount.com

Test plan

  • Added AZURE_GCP_CREDENTIALS detection cases (BLOCK on exfiltration) and AZURE_GCP_BENIGN precision guards (no over-block on ordinary emails / benign lookalikes).
  • Full secrets-rule suite: 63 passed.

All fake values are synthetic and split via + so GitHub push-protection / gitleaks CI stays clean.

…etector (fu351#93)

- Detect Azure Storage AccountKey= and Service Bus/IoT SharedAccessKey= in connection strings
- Detect GCP service-account JSON marker ("type": "service_account") and SA client email (*.iam.gserviceaccount.com)
- Add detection tests (BLOCK on exfil) + precision guards (no over-block on benign lookalikes)
- All 63 secrets-rule tests pass
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

secrets: add Azure & GCP service-account key patterns to the built-in detector

1 participant