detect-secrets
Should 'secret_key' be added to the keyword plugin?
While trying out detect-secrets for the first time today, I noticed the term 'secret_key' is not present in the keyword plugin (see https://github.com/Yelp/detect-secrets/blob/master/detect_secrets/plugins/keyword.py#L38). This means it doesn't find the very common Django SECRET_KEY variable. I was wondering if folks think 'secret_key' should be added to the keyword plugin's blacklist... but as a newcomer to this library I wasn't sure if that would cause consternation, since it would basically point out SECRET_KEY for any and all Django projects (if I understand the plugin correctly).
Just looking to start the conversation! Thanks!
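The trade-off raised above, as an added example that is not part of the original thread and is not detect-secrets code: a simplified keyword scanner run over constructed Django-style settings, with and without `secret_key` in the denylist. The denylist contents, the sample lines, the `scan` function and its `literals_only` option are all assumptions made for illustration.

```python
import re

# Constructed stand-in denylist; NOT the list shipped in detect-secrets.
BASE_DENYLIST = ("password", "passwd", "api_key", "token")

# Constructed Django-style settings lines (no real secrets).
SAMPLE_SETTINGS = '''\
DEBUG = False
SECRET_KEY = 'constructed-not-a-real-key-0123456789'
SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]
DATABASE_PASSWORD = "constructed-db-pass"
secret_key_file = "/run/secrets/django"
'''

# name = value, one assignment per line
ASSIGNMENT = re.compile(r"^\s*(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*(?P<value>.+?)\s*$")
# value is a single quoted string literal
STRING_LITERAL = re.compile(r"""^(['"]).+\1$""")


def scan(text, denylist, literals_only=False):
    """Return (line_number, variable_name) for every assignment whose
    variable name contains a denylisted keyword (case-insensitive).

    literals_only is a hypothetical noise filter for this example: it keeps
    only hits whose value is a quoted string, so lookups such as
    os.environ[...] are not reported.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.match(line)
        if not match:
            continue
        name = match.group("name")
        if not any(keyword in name.lower() for keyword in denylist):
            continue
        if literals_only and not STRING_LITERAL.match(match.group("value")):
            continue
        hits.append((lineno, name))
    return hits


if __name__ == "__main__":
    extended = BASE_DENYLIST + ("secret_key",)
    print("base denylist:     ", scan(SAMPLE_SETTINGS, BASE_DENYLIST))
    print("with secret_key:   ", scan(SAMPLE_SETTINGS, extended))
    print("string values only:", scan(SAMPLE_SETTINGS, extended, literals_only=True))
```

With `secret_key` added, the hardcoded key on line 2 is reported, but so are the environment lookup on line 3 and the file path on line 5; the literal-only filter drops the lookup and still reports the path.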
Hi @mdscruggs, that's a good idea 👍
I'd have to do a decent amount of internal testing first, before adding that to the keyword blacklist, but it definitely sounds reasonable. I'll leave this open until I add it/do the internal testing.
Interested in this 👍
We're going to close this issue as it hasn't received any update in a very long time. Feel free to re-open it if you think it's still relevant.