@secretlint/secretlint-rule-azure
v9.0.0
A secretlint rule for Azure.
A secretlint rule for Azure (i.e. Azure AD) secrets. This rule takes aim at two common credential leaks:
Note that unlike other secretlint PaaS rules, Azure does not have a standard file format for credentials and all sensitive information is fully random, so discovering Azure AD credentials is purely heuristic.
Install
Install with npm:
npm install @secretlint/secretlint-rule-azure
Usage
Via .secretlintrc.json
{
    "rules": [
        {
            "id": "@secretlint/secretlint-rule-azure"
        }
    ]
}
MessageIDs
AzureTenantId
found Azure AD tenant ID: {{ID}}
This is the GUID of an Azure AD tenant. While this ID can be discovered from the domain name, knowing the tenant ID increases the chance that credentials can be exploited. It is thus a good idea to treat the tenant ID as sensitive.
AzureClientId
found Azure client id: {{ID}}
This is the equivalent of a username and should be treated as sensitive.
AzureClientSecret
found Azurre client secret: {{SECRET}}
This is the long-lived secret for a user or service principal and should be kept secret.
Options
allows: string[]
- Allows a list of RegExp-like strings
Examples
{
    "rules": [
        {
            "id": "@secretlint/secretlint-rule-azure",
            // Ignore error related to IDs
            "allowMessageIds": ["AzureTenantId", "AzureClientId"],
            "options": {
                // allow list
                "allows": ["/IT_IS_PUBLIC/"]
            }
        }
    ]
}
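To make the heuristic nature of the detection and the effect of `allows` and `allowMessageIds` concrete, here is an added sketch. It is not the rule's source code: the key and value patterns, the function names, the sample lines, and the choice to test allow patterns against the matched value are all assumptions made for illustration.

```javascript
// Added illustration, not secretlint's implementation. Patterns are assumptions.
const GUID = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i;
const CHECKS = [
  { messageId: "AzureTenantId", key: /tenant/i, value: GUID },
  { messageId: "AzureClientSecret", key: /client[_-]?secret/i, value: /[A-Za-z0-9~._-]{32,}/ },
  { messageId: "AzureClientId", key: /client[_-]?id/i, value: GUID },
];

// A "/.../flags" string is compiled to a RegExp; any other string is matched literally.
function toMatcher(allow) {
  const m = /^\/(.+)\/([a-z]*)$/.exec(allow);
  if (!m) return (s) => s.includes(allow);
  const re = new RegExp(m[1], m[2]);
  return (s) => re.test(s);
}

// A value is reported only when its shape AND the key name on the same line agree,
// because a random GUID or token carries no marker of its own.
function scan(text, { allows = [], allowMessageIds = [] } = {}) {
  const allowed = allows.map(toMatcher);
  const findings = [];
  text.split("\n").forEach((line, i) => {
    const sep = line.search(/[=:]/);
    if (sep < 0) return;
    const key = line.slice(0, sep);
    const rest = line.slice(sep + 1);
    for (const c of CHECKS) {
      const hit = c.key.test(key) ? c.value.exec(rest) : null;
      if (!hit) continue;
      const suppressed =
        allowMessageIds.includes(c.messageId) || allowed.some((ok) => ok(hit[0]));
      if (!suppressed) findings.push({ line: i + 1, messageId: c.messageId, match: hit[0] });
      break;
    }
  });
  return findings;
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = [
  "AZURE_TENANT_ID=11111111-2222-3333-4444-555555555555",
  "AZURE_CLIENT_ID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
  "AZURE_CLIENT_SECRET=abcDEF123~ghiJKL456.mnoPQR789_stuVWX",
  "DEMO_CLIENT_SECRET=IT_IS_PUBLIC_0123456789abcdefghijklmnop",
  "request_id: 99999999-8888-7777-6666-555555555555",
].join("\n");

console.log(scan(SAMPLE, { allows: ["/IT_IS_PUBLIC/"], allowMessageIds: ["AzureTenantId", "AzureClientId"] }));
```

The `request_id` GUID is never reported because nothing in its key name suggests an Azure identifier, which is the trade-off of a context-based heuristic: fewer false positives, but a credential stored under an unrelated key name is missed.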
Changelog
See Releases page.
Running tests
Install devDependencies and run npm test:
npm test
Contributing
Pull requests and stars are always welcome.
For bugs and feature requests, please create an issue.
- Fork it!
- Create your feature branch: git checkout -b my-new-feature
- Commit your changes: git commit -am 'Add some feature'
- Push to the branch: git push origin my-new-feature
- Submit a pull request :D
Author
License
MIT © Xenit AB