This repository has been archived by the owner on Jun 11, 2019. It is now read-only.

Don't warn for unencrypted KEY_ID patterns
Mikael Johansson committed Jun 9, 2016
1 parent b1e3ef2 commit 2f117ab
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/lighter/main.py
Expand Up @@ -86,7 +86,7 @@ def process_env(filename, verifySecrets, env):

# Check for unencrypted secrets
if (('password' in key.lower() or 'pwd' in key.lower() or 'key' in key.lower() or 'token' in key.lower()) and
'public' not in key.lower()) and len(secretary.extractEnvelopes(value)) == 0:
'public' not in key.lower() and 'id' not in key.lower()) and len(secretary.extractEnvelopes(value)) == 0:
if verifySecrets:
raise RuntimeError('Found unencrypted secret in %s: %s' % (filename, key))
else:
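Review bot: `'id' not in key.lower()` on the changed condition line is a substring test, so it exempts every key whose name merely contains the letters "id", not only `*_KEY_ID` names. A name such as `WIDGET_PASSWORD` or `VALID_TOKEN` (hypothetical examples) would now skip the unencrypted-secret check and never reach the `RuntimeError`. Suggest narrowing the exemption to the pattern the commit message names, for example `key.lower().endswith('_id')` or `'key_id' in key.lower()`, so that only identifier-style names are excluded.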
Expand Up @@ -7,6 +7,7 @@ override:
env:
SERVICE_VERSION: '%{lighter.version}'
SERVICE_BUILD: '%{lighter.uniqueVersion}'
AWS_ACCESS_KEY_ID: '123abc'
DATABASE_PASSWORD: 'ENC[NACL,deadbeef]'
CVAR: '%{cvar}'
NEW_RELIC_APP_NAME: '%{newrelic.appname.prefix} MyService'
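Review bot: the new `AWS_ACCESS_KEY_ID: '123abc'` entry only exercises the exempt path; this hunk adds no plaintext entry whose name contains "id" inside a longer word together with `password` or `token`, so the breadth of the new `'id' not in key.lower()` exemption is not pinned down by the fixture. Consider adding a negative case of that shape in a separate fixture and asserting that it is still reported as an unencrypted secret.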