trufflehog
GCP service account key is detected as just a private key
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
TruffleHog Version
trufflehog dev
It was built just now from source:
git clone https://github.com/trufflesecurity/trufflehog.git
cd trufflehog; go install
Trace Output
trufflehog git --max-depth 1 file:///tmp/test-secrets-detection --trace
DEBU[0000] running version dev
DEBU[0000] running version dev
DEBU[0000] running with up to 32 workers
DEBU[0000] loaded 2 decoders
DEBU[0000] loaded 672 detectors total, 672 with verification enabled. 0 with verification disabled
DEBU[0000] Git repo local path: /tmp/test-secrets-detection
🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷
{"level":"debug","time":"2022-05-06T10:38:55-04:00","message":"executing: /usr/bin/git -C /tmp/test-secrets-detection log -p -U0 --full-history --all"}
TRAC[0000] Scanning file from git commit=64cb2919882a92d406b93da1e97b4b4d7385d66d file=README.md
TRAC[0000] detecting fragment fragment=
TRAC[0000] detecting fragment fragment=" \"private_key_id\": \"76c2156c329a5e822364122425a9d19078de9023\",\n \"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfUx11LHlAhM1g\\nJrqHRb2/HwRSYLKyOlAVMvombnOL4FEY5jfLZ5ZQuTXyJlHy7E7Jo5rwPJj72JLg\\nQFXSU86lbeI1jdyu5z5mn/m2E1pwQfXFeO3o6WY0iN9YU4I6IcsFwSHKbRepC5fs\\nlaUtw1F8gj8S+qQtUlP5HWeitV7NbM2bohfvPTV2hC9OTLI4j3MOBrkdLsByCMKI\\nCqHUxxCDRwB19D6YLuByUZQViDFR2NTgUZLnpBzFAlDOunIHxwsQWoIfsL3xN9xz\\nQVmn+ux8QGATkiwRb+ngMkkrdqW+PHJ7zebwtRZTIQcxk6fFDTltp+zXc4f9Rh5N\\ntbL+QEyFAgMBAAECggEAR/x6w9V7V35pePcmsjX9nJv8DOhp9QNJ6bolsjWXeWy5\\n16E1Nm8wSHrWd/l+b1773jlQqRkIGkppWm9XF3gMV0yFt6LIQjJzTFUds3mdFDmJ\\nPVb9T44dQsFRAIyCu5dHLutrRBX0acm2NAwNHNcyOypyKzYZ9exLyrPRfn+qPPAk\\nMysNDH5EDN7MYk2kD1Fo+g0Bv7lOn8H2JgUvaVnRuK6X2MoRVgSH9mPs2UeUIn3U\\nVv0AGbc24ubfXtNkjFbwpTZ9Xocni7PF76HqDyKuJS8qpiU+bgnPKZnK4680gSg/\\nWFSIZQEqYVJ7cF1OIAtr1f3bAIRQumg4fN4KFCwrRQKBgQDXzdsBfJ1cxFgbdEQF\\nu7MmqyMV6lcwvQBdOWT+FeEU/vnQL8+zGq9I5RSLw8kSwHmxqREXgzUgFq0725E0\\nQD+sVyAnYAnflXjSClhth8q2BUgNkoR28tHMHZeY9/ysDzSLuMjuy91T7qUhbSgg\\nhaHzZM9BykcGyxOMd+atZeegywKBgQC9ACk+/7BzHGZjiSoM+J2rFZuYyH55zI+E\\nHG5zu6MVXvfCKZQ3hmeDvuYVUf5bcJRt8tQ25aDSoOquGznhbCsSS+wrNQ1k6JYX\\nIeOOZDi1czcW7zKDyUs0bMpAUP29IMFMZrRaXmQAlWR0Aw71F/cWrhA03XlnWT/Z\\nl2+aRwit7wKBgEueAkN/GtTKp+TW1I79ukSuatjfCDY3w8zms5Cksf3dakOcvTaQ\\n/yKXwp9Gt0ouz3WFPEv02cSorYLv6O1aJfWJgebKLCuAAJn4rguTLWCicSDwWiIj\\n64eORvR+0LapjUv4L9Ac9yzVzl7sFMdwi9LxW/49lq22st7hlJ7lukgJAoGAALZa\\ncXFXQefOfvuKXAgn1/g54OaIi37433+X7vm7EJ6OAn5Tn63y/+0dQuFPOxr+hDeR\\nEy/kXkba+5MAsdfNhcEhf7wwc7vorOekyumXyR9JCt4V66c7kFQEox9rBWZ1NAuD\\nDIAkklf9y+4jBUt00/IN/5UCGyCb+/71Hbi80KMCgYA10QLuTwa9QWgwIhMZzgQg\\nhcPnQFavQHsxuvBWqZuSScExTvQQvFAFD/PKUeVtcNzSneigKaIzdsuIIr4EREyk\\n5gLMwjc8Jmhri4D+LyLBGPea+z7Y5j783YDsZyHniU1LcmtI2OxVIru/J7p760lJ\\nrlzkXYY1VbiW4J5NwKixmg==\\n-----END PRIVATE KEY-----\\n\",\n"
TRAC[0000] detecting fragment fragment=
TRAC[0000] Scanning file from git commit=a97359eae060226bbadf521722b38d4f93490e25 file=README.md
DEBU[0000] reached max depth
DEBU[0000] Scanning complete. Scan time: 0.052600
Found unverified result 🐷🔑❓
Detector Type: PrivateKey
Raw result: -----BEGIN PRIVATE KEY-----[...]-----END PRIVATE KEY-----
Repository: [email protected]:broadinstitute/test-secrets-detection.git
Timestamp: 2022-05-06 10:33:26 -0400 EDT
Line: 4
Commit: 64cb2919882a92d406b93da1e97b4b4d7385d66d
File: README.md
Email: [email protected]
Found unverified result 🐷🔑❓
Detector Type: PrivateKey
Raw result: -----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Email: [email protected]
Repository: [email protected]:broadinstitute/test-secrets-detection.git
Timestamp: 2022-05-06 10:33:26 -0400 EDT
Line: 4
Commit: 64cb2919882a92d406b93da1e97b4b4d7385d66d
File: README.md
DEBU[0001] scanned 3 chunks
(Service Account key has since been deleted, so no concern about posting it here)
Expected Behavior
TruffleHog should detect this key as being a Service Account Key.
Actual Behavior
TruffleHog detects it as just a private key.
Also please note 2 other (possibly unrelated) issues:
- Key is reported twice (this is despite this key being just committed - it wasn't there in the previous commit).
- Line number is off by one (Line 5 is where "private_key": "-----BEGIN PRIVATE KEY----- is, not Line 4).
Steps to Reproduce
- Run trufflehog git --max-depth 1 file:///tmp/test-secrets-detection in a repo where the following README.md file has been committed:
{
"type": "service_account",
"project_id": "project-id-redacted",
"private_key_id": "76c2156c329a5e822364122425a9d19078de9023",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfUx11LHlAhM1g\nJrqHRb2/HwRSYLKyOlAVMvombnOL4FEY5jfLZ5ZQuTXyJlHy7E7Jo5rwPJj72JLg\nQFXSU86lbeI1jdyu5z5mn/m2E1pwQfXFeO3o6WY0iN9YU4I6IcsFwSHKbRepC5fs\nlaUtw1F8gj8S+qQtUlP5HWeitV7NbM2bohfvPTV2hC9OTLI4j3MOBrkdLsByCMKI\nCqHUxxCDRwB19D6YLuByUZQViDFR2NTgUZLnpBzFAlDOunIHxwsQWoIfsL3xN9xz\nQVmn+ux8QGATkiwRb+ngMkkrdqW+PHJ7zebwtRZTIQcxk6fFDTltp+zXc4f9Rh5N\ntbL+QEyFAgMBAAECggEAR/x6w9V7V35pePcmsjX9nJv8DOhp9QNJ6bolsjWXeWy5\n16E1Nm8wSHrWd/l+b1773jlQqRkIGkppWm9XF3gMV0yFt6LIQjJzTFUds3mdFDmJ\nPVb9T44dQsFRAIyCu5dHLutrRBX0acm2NAwNHNcyOypyKzYZ9exLyrPRfn+qPPAk\nMysNDH5EDN7MYk2kD1Fo+g0Bv7lOn8H2JgUvaVnRuK6X2MoRVgSH9mPs2UeUIn3U\nVv0AGbc24ubfXtNkjFbwpTZ9Xocni7PF76HqDyKuJS8qpiU+bgnPKZnK4680gSg/\nWFSIZQEqYVJ7cF1OIAtr1f3bAIRQumg4fN4KFCwrRQKBgQDXzdsBfJ1cxFgbdEQF\nu7MmqyMV6lcwvQBdOWT+FeEU/vnQL8+zGq9I5RSLw8kSwHmxqREXgzUgFq0725E0\nQD+sVyAnYAnflXjSClhth8q2BUgNkoR28tHMHZeY9/ysDzSLuMjuy91T7qUhbSgg\nhaHzZM9BykcGyxOMd+atZeegywKBgQC9ACk+/7BzHGZjiSoM+J2rFZuYyH55zI+E\nHG5zu6MVXvfCKZQ3hmeDvuYVUf5bcJRt8tQ25aDSoOquGznhbCsSS+wrNQ1k6JYX\nIeOOZDi1czcW7zKDyUs0bMpAUP29IMFMZrRaXmQAlWR0Aw71F/cWrhA03XlnWT/Z\nl2+aRwit7wKBgEueAkN/GtTKp+TW1I79ukSuatjfCDY3w8zms5Cksf3dakOcvTaQ\n/yKXwp9Gt0ouz3WFPEv02cSorYLv6O1aJfWJgebKLCuAAJn4rguTLWCicSDwWiIj\n64eORvR+0LapjUv4L9Ac9yzVzl7sFMdwi9LxW/49lq22st7hlJ7lukgJAoGAALZa\ncXFXQefOfvuKXAgn1/g54OaIi37433+X7vm7EJ6OAn5Tn63y/+0dQuFPOxr+hDeR\nEy/kXkba+5MAsdfNhcEhf7wwc7vorOekyumXyR9JCt4V66c7kFQEox9rBWZ1NAuD\nDIAkklf9y+4jBUt00/IN/5UCGyCb+/71Hbi80KMCgYA10QLuTwa9QWgwIhMZzgQg\nhcPnQFavQHsxuvBWqZuSScExTvQQvFAFD/PKUeVtcNzSneigKaIzdsuIIr4EREyk\n5gLMwjc8Jmhri4D+LyLBGPea+z7Y5j783YDsZyHniU1LcmtI2OxVIru/J7p760lJ\nrlzkXYY1VbiW4J5NwKixmg==\n-----END PRIVATE KEY-----\n",
"client_email": "test-secrets-scanner-1234f3fwe@project-id-redacted.iam.gserviceaccount.com",
"client_id": "104734301006061980199",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test-secrets-scanner-1234f3fwe%40project-id-redacted.iam.gserviceaccount.com"
}
Environment
- OS: Ubuntu
- Version: 20.04.4 LTS
Additional Context
References
Hey Dinvlad, did it also report a GCP or just the private key? Expected behavior is to report both, since it contains both
I think this works properly now, thanks! Feel free to reopen if it's still an issue please
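The behavior discussed in this issue (one secret yielding both a generic private-key finding and a GCP service account finding, located at the line where the PEM header sits) can be illustrated with the added Go example below; it is not TruffleHog's code. The names `Finding`, `Scan`, `pemRe`, the detector labels and the sample key file with its placeholder key body are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Finding is a hypothetical result type for this example, not TruffleHog's own.
type Finding struct {
	Detector string
	Line     int // 1-based line where the PEM header starts
}

// Matches a PEM key whose line breaks are real newlines or JSON-escaped "\n".
var pemRe = regexp.MustCompile(`-----BEGIN PRIVATE KEY-----(?:\\n|[A-Za-z0-9+/=\s])+-----END PRIVATE KEY-----`)
// Constructed sample with a placeholder key body; same field order as the README in the issue.
const sample = `{
  "type": "service_account",
  "project_id": "example-project",
  "private_key_id": "0000",
  "private_key": "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n",
  "client_email": "scanner@example-project.iam.gserviceaccount.com"
}`

// Scan reports the generic key and, when the JSON context identifies it, a GCP finding too.
func Scan(content string) []Finding {
	loc := pemRe.FindStringIndex(content)
	if loc == nil {
		return nil
	}
	line := strings.Count(content[:loc[0]], "\n") + 1
	out := []Finding{{Detector: "PrivateKey", Line: line}}
	var k struct {
		Type        string `json:"type"`
		PrivateKey  string `json:"private_key"`
		ClientEmail string `json:"client_email"`
	}
	if json.Unmarshal([]byte(content), &k) == nil && k.Type == "service_account" &&
		strings.HasSuffix(k.ClientEmail, ".iam.gserviceaccount.com") &&
		strings.HasPrefix(k.PrivateKey, "-----BEGIN PRIVATE KEY-----") {
		out = append(out, Finding{Detector: "GCP", Line: line})
	}
	return out
}

func main() {
	fmt.Println(Scan(sample)) // constructed input
}
```

A bare PEM block with no surrounding service-account JSON produces only the `PrivateKey` finding, which is the distinction the issue asks the scanner to draw.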