
query(terraform): wanting to exclude Keyvault References

Open stusklinar opened this issue 1 year ago • 0 comments

Platform

Terraform

Provider

Azure

Description

I'm trying to exclude KeyVault References from showing as high/secrets when included in Terraform.

I've written an allow rule - allow anything that starts with @Microsoft.KeyVault. which is the pattern

then included that in my run

```json
{
  "allowRules": [
    {
      "description": "Allow Keyvault References",
      "regex": "^@Microsoft.KeyVault.*"
    }
  ]
}
```

--secrets-regexes-path /path/Pipelines/templates/kics/queries.json

It works, by virtue of now allowing everything.

I tried changing my reference to @@ expecting that to fail - but it seems to blanket allow all now.

The format for AppSettings KeyVault references is as so:

@Microsoft.KeyVault(VaultName=fMyVault;SecretName=mySecret

Thanks

stusklinar, Sep 02 '24 13:09
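Added example (not part of the original issue and not KICS code): a stand-alone Go check of the allow-rule pattern from the issue against constructed sample values, next to an assumed stricter pattern with escaped dots and a closing parenthesis. It evaluates the regexes in isolation with Go's `regexp` package and does not reproduce how KICS itself applies allow rules.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// rulesFile mirrors the shape of the allowRules JSON shown in the issue.
type rulesFile struct {
	AllowRules []struct {
		Description string `json:"description"`
		Regex       string `json:"regex"`
	} `json:"allowRules"`
}

// allowed reports whether any allow rule in the JSON config matches value.
func allowed(config, value string) (bool, error) {
	var rf rulesFile
	if err := json.Unmarshal([]byte(config), &rf); err != nil {
		return false, err
	}
	for _, r := range rf.AllowRules {
		ok, err := regexp.MatchString(r.Regex, value)
		if err != nil || ok {
			return ok, err
		}
	}
	return false, nil
}

// issueConfig is the rule from the issue; strictConfig is an assumed tighter variant.
const issueConfig = `{"allowRules":[{"description":"Allow Keyvault References","regex":"^@Microsoft.KeyVault.*"}]}`
const strictConfig = `{"allowRules":[{"description":"Allow Keyvault References (strict)","regex":"^@Microsoft\\.KeyVault\\([^)]*\\)$"}]}`

// Constructed sample values, not taken from the issue.
var samples = []string{
	"@Microsoft.KeyVault(VaultName=myVault;SecretName=mySecret)",
	"@@Microsoft.KeyVault(VaultName=myVault;SecretName=mySecret)",
	"@MicrosoftXKeyVault-not-a-reference",
	"hunter2-plaintext-password",
}

func main() {
	for _, s := range samples {
		a, _ := allowed(issueConfig, s)
		b, _ := allowed(strictConfig, s)
		fmt.Printf("%-62q issue=%-5v strict=%v\n", s, a, b)
	}
}
```

Evaluated on its own, the issue's pattern rejects the `@@` value and the plaintext value, so the pattern by itself is not a catch-all; its unescaped `.` does accept `@MicrosoftXKeyVault-not-a-reference`, which the stricter variant rejects.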