Ability to use smtp:username as a secret

Summary

We need to use an AWS Access key ID in the smtp user field to connect to an AWS Simple Email Service endpoint. This is detected by Gitleaks as a Critical Issue.

In 7.3.0 the way to use the smtp password was enhanced, but the smtp username is not handled as a secret (commit ca343d8c).

Steps to reproduce

Description: Running Gitleaks in a pipeline detects smtp:user_name as a critical vulnerability if you need to use an AWS Access key ID there (which should be a secret instead).

Configuration used


From values file:

```yaml
smtp:
  enabled: true
  address: email-smtp.eu-central-1.amazonaws.com
  port: 587
  user_name: <AWS Access key ID>
  password:
    secret: gitlab-smtp-password
    key: password
  domain: "gitlab.xyz.aws.xyz.net"
  authentication: login
  starttls_auto: true
  openssl_verify_mode: peer
  pool: false
```
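As an added pre-commit check (example code, not part of the chart or of this report), the snippet below inspects a loaded values dict for exactly the shape above: a `user_name` that looks like an AWS access key ID stored inline, while `password` uses the chart's `{secret, key}` reference form. It assumes the `smtp` block sits at the values root or under `global`, uses a simplified key-ID pattern, and substitutes the AWS documentation's sample key ID for the real one.

```python
"""Flag GitLab Helm SMTP values that embed a credential inline instead of
referencing a Kubernetes Secret. Constructed example, not chart code."""
import re

# Simplified AWS access key ID pattern (AKIA long-term / ASIA temporary prefix,
# then 16 uppercase alphanumerics). Assumption: narrower than Gitleaks' rule.
AWS_ACCESS_KEY_ID = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")

# Constructed values mirroring the report's smtp block; the user_name is the
# AWS documentation's sample access key ID, not a live credential.
VALUES = {
    "smtp": {
        "enabled": True,
        "address": "email-smtp.eu-central-1.amazonaws.com",
        "port": 587,
        "user_name": "AKIAIOSFODNN7EXAMPLE",
        "password": {"secret": "gitlab-smtp-password", "key": "password"},
        "authentication": "login",
    }
}


def is_secret_ref(value):
    """True when a field uses the chart's {secret: ..., key: ...} reference form."""
    return isinstance(value, dict) and {"secret", "key"} <= set(value)


def check_smtp(values):
    """Return a list of findings; an empty list means nothing secret is inline."""
    smtp = values.get("smtp") or values.get("global", {}).get("smtp") or {}
    findings = []
    if not smtp.get("enabled"):
        return findings  # disabled SMTP config carries no live credential
    user = smtp.get("user_name")
    if isinstance(user, str) and AWS_ACCESS_KEY_ID.match(user):
        findings.append("smtp.user_name holds an AWS access key ID inline")
    pw = smtp.get("password")
    if isinstance(pw, str):
        if pw:
            findings.append("smtp.password is an inline string, not a Secret reference")
    elif pw is not None and not is_secret_ref(pw):
        findings.append("smtp.password is not a {secret, key} reference")
    return findings


if __name__ == "__main__":
    for finding in check_smtp(VALUES):
        print("FINDING:", finding)
```

Run against the report's configuration it reports only the `user_name` finding, which is the gap the issue describes: the password already has a Secret-backed form, the username does not.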

Current behavior


The AWS Access key ID is detected as a Critical Vulnerability

Expected behavior

The GitLab Helm Chart should allow the smtp:user_name value to be supplied as a Kubernetes Secret.

Versions

  • Chart: (v7.3.0)
  • Platform:
    • Cloud: ( EKS )
    • Self-hosted: (-)
  • Kubernetes: (kubectl version)
    • Client: 1.24
    • Server: 1.24
  • Helm: (helm version)
    • Client: -
    • Server: -

Relevant logs


```
AWS Access Token secret has been found in commit 
Project:          / devops / cluster-management
File:             clusters/services-shared/addons/gitlab.yaml:80
Identifiers:      Gitleaks rule ID AWS
Severity:         Critical
Tool:             Secret Detection
Scanner Provider: Gitleaks
```
Edited by Leandro Lamaison