AWS AKIA vs Secret Key

Question

AWS AKIA vs Secret Key

Helithumper opened this issue 3 years ago · 2 comments

Was Looking at https://github.com/sirwart/secrets/blob/main/src/find_secrets.rs#L24= and found reference to the AKIA-like set of access key IDs. I don't think these are secrets, however the regex could be replaced for the true format of AWS Secrets which would be tied to these identifiers (as listed under "Secret keys"): https://summitroute.com/blog/2018/06/20/aws_security_credential_formats/

Answer 1 · 2022-04-19T20:16:30.000Z

realized this is covered elsewhere

Answer 2 · 2022-04-19T22:02:38.000Z

@Helithumper You're right that there's already coverage for the actual AWS secret, but you're also right that AKIA prefixed keys are not secrets. I updated the regex list to not include those keys explicitly.