aquasecurity/cloudsploit

ERROR: Config file could not be loaded. Please ensure you have copied the config_example.js file to config.js

AKASHCHAURASIA opened this issue · 3 comments

AKASHCHAURASIA commented
ERROR: Config file could not be loaded. Please ensure you have copied the config_example.js file to config.js
zadigus commented

I have the very same issue. I cannot run the tool on azure. I followed the cloudsploit documentation:

git clone https://github.com/aquasecurity/cloudsploit.git
cd cloudsploit
npm install
cp config_example.js config.js
# fill in my azure credentials
./index.js --config config.js

Here's a sample configuration of what I am using:

// CloudSploit config file

module.exports = {
    credentials: {
        aws: {
            // OPTION 1: If using a credential JSON file, enter the path below
            // credential_file: '/path/to/file.json',
            // OPTION 2: If using hard-coded credentials, enter them below
            // access_key: process.env.AWS_ACCESS_KEY_ID || '',
            // secret_access_key: process.env.AWS_SECRET_ACCESS_KEY || '',
            // session_token: process.env.AWS_SESSION_TOKEN || '',
            // plugins_remediate: ['bucketEncryptionInTransit']
        },
        aws_remediate: {
            // OPTION 1: If using a credential JSON file, enter the path below
            // credential_file: '/path/to/file.json',
            // OPTION 2: If using hard-coded credentials, enter them below
            // access_key: process.env.AWS_ACCESS_KEY_ID || '',
            // secret_access_key: process.env.AWS_SECRET_ACCESS_KEY || '',
            // session_token: process.env.AWS_SESSION_TOKEN || '',
        },
        azure: {
            application_id: 'my-client-id',
            key_value: 'my-client-secret',
            directory_id: 'my-directory-id',
            subscription_id: 'my-subscription-id'
        },
        azure_remediate: {
            // OPTION 1: If using a credential JSON file, enter the path below
            // credential_file: '/path/to/file.json',
            // OPTION 2: If using hard-coded credentials, enter them below
            // application_id: process.env.AZURE_APPLICATION_ID || '',
            // key_value: process.env.AZURE_KEY_VALUE || '',
            // directory_id: process.env.AZURE_DIRECTORY_ID || '',
            // subscription_id: process.env.AZURE_SUBSCRIPTION_ID || ''
        },
        google_remediate: {
            // OPTION 1: If using a credential JSON file, enter the path below
            // credential_file: process.env.GOOGLE_APPLICATION_CREDENTIALS || '/path/to/file.json',
            // OPTION 2: If using hard-coded credentials, enter them below
            // project: process.env.GOOGLE_PROJECT_ID || 'my-project',
            // client_email: process.env.GOOGLE_CLIENT_EMAIL || 'cloudsploit@your-project-name.iam.gserviceaccount.com',
            // private_key: process.env.GOOGLE_PRIVATE_KEY || '-----BEGIN PRIVATE KEY-----\nYOUR-PRIVATE-KEY-GOES-HERE\n-----END PRIVATE KEY-----\n'
        },
        google: {
            // OPTION 1: If using a credential JSON file, enter the path below
            // credential_file: process.env.GOOGLE_APPLICATION_CREDENTIALS || '/path/to/file.json',
            // OPTION 2: If using hard-coded credentials, enter them below
            // project: process.env.GOOGLE_PROJECT_ID || 'my-project',
            // client_email: process.env.GOOGLE_CLIENT_EMAIL || 'cloudsploit@your-project-name.iam.gserviceaccount.com',
            // private_key: process.env.GOOGLE_PRIVATE_KEY || '-----BEGIN PRIVATE KEY-----\nYOUR-PRIVATE-KEY-GOES-HERE\n-----END PRIVATE KEY-----\n'
        },
        oracle: {
            // OPTION 1: If using a credential JSON file, enter the path below
            // credential_file: '/path/to/file.json',
            // OPTION 2: If using hard-coded credentials, enter them below
            // tenancy_id: process.env.ORACLE_TENANCY_ID || 'ocid1.tenancy.oc1..',
            // compartment_id: process.env.ORACLE_COMPARTMENT_ID || 'ocid1.compartment.oc1..',
            // user_id: process.env.ORACLE_USER_ID || 'ocid1.user.oc1..',
            // key_fingerprint: process.env.ORACLE_KEY_FINGERPRINT || 'YOURKEYFINGERPRINT',
            // key_value: process.env.ORACLE_KEY_VALUE || '-----BEGIN PRIVATE KEY-----\nYOUR-PRIVATE-KEY-GOES-HERE\n-----END PRIVATE KEY-----\n'
        },
        github: {
            // OPTION 1: If using a credential JSON file, enter the path below
            // credential_file: '/path/to/file.json',
            // OPTION 2: If using hard-coded credentials, enter them below
            // token: process.env.GITHUB_TOKEN || '',
            // url: process.env.GITHUB_URL || 'https://api.github.com',
            // login: process.env.GITHUB_LOGIN || 'myusername',
            // organization: process.env.GITHUB_ORG || false
        }
    }
};

I get the following error:

INFO: Using CloudSploit config file: config.js
ERROR: Config file could not be loaded. Please ensure you have copied the config_example.js file to config.js

Originally, I thought cloudsploit would automatically load the file config.js, so I also tried:

./index.js

Unfortunately, that doesn't seem to take the config.js into account, as I get the following error:

[INFO][REGIONS] Could not load all regions from EC2: {"message":"Missing region in config","code":"ConfigError","time":"2023-06-14T09:57:23.283Z"}

which actually is not an error (it's an [INFO]), but the tool does not do anything.

Happens on master and version v2.0.0 of cloudsploit.

  • 👍1
zadigus commented

OMG I was finally able to make it run. The path to the config file needs to be ./config.js. So the command to run is

./index.js --config ./config.js

and that works like a charm.

  • 🎉1
DarkInnocence commented

not working for me :(