🔐 Secret Detection Test - Comprehensive Security Testing

🎯 Purpose

This merge request contains FAKE secrets to comprehensively test GitLab's secret detection capabilities and verify the MR security widget functionality.

📁 Files Added (3 files)

  • test_secrets.env - Environment variables with fake AWS keys, API tokens, database URLs
  • deploy.sh - Shell script with embedded credentials
  • README_TEST_SECRETS.md - Documentation

🚨 Comprehensive Test Secrets Included

  • AWS Access Key: AKIA1234567890EXAMPLE
  • AWS Secret Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  • AWS Session Token: AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE
  • Stripe API Keys: sk_test_1234567890abcdefghijklmnopqrstuvwxyz, sk_live_1234567890abcdefghijklmnopqrstuvwxyz
  • SendGrid API Key: SG.1234567890abcdefghijklmnopqrstuvwxyz.1234567890abcdefghijklmnopqrstuvwxyz
  • GitHub Token: ghp_1234567890abcdefghijklmnopqrstuvwxyz12
  • JWT Tokens: Multiple patterns
  • Database URLs: PostgreSQL, Redis, MongoDB
  • Private Key Pattern: RSA private key format
  • Generic Secrets: Various patterns

Expected Results

  1. 🔄 CI/CD pipeline should trigger automatically
  2. 🛡️ Secret detection job should run and find multiple vulnerabilities
  3. 📊 Security widget should populate with detected secrets
  4. 🚨 Multiple security findings should appear in the MR
  5. 🔍 Pipeline Security tab should show comprehensive results

⚠️ IMPORTANT DISCLAIMER

  • ALL SECRETS ARE COMPLETELY FAKE
  • Created specifically for testing purposes
  • No real credentials or sensitive data exposed
  • Safe for demonstration and testing
  • Secret push protection was temporarily disabled for this test

🔬 Testing Note: This MR is designed to test the dependency list GraphQL migration and security widget functionality with comprehensive secret detection coverage.
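A fixture pre-check for the expected results listed above, as an added example that is not part of the merge request or of GitLab's own code: it audits four of the fake values from the description against length-exact patterns to show which fixtures a strict rule would accept. The patterns approximate publicly documented token shapes and are assumptions, not GitLab's ruleset; the variable names in the sample file and the function names are hypothetical.

```python
import re

# Assumed patterns: approximations of publicly documented token shapes,
# NOT GitLab's secret detection ruleset.
STRICT = {
    "aws_access_key_id": r"(?<![A-Z0-9])AKIA[A-Z0-9]{16}(?![A-Z0-9])",
    "github_pat": r"(?<![A-Za-z0-9])ghp_[A-Za-z0-9]{36}(?![A-Za-z0-9])",
    "stripe_secret_key":
        r"(?<![A-Za-z0-9])sk_(?:test|live)_[A-Za-z0-9]{24,}(?![A-Za-z0-9])",
    "sendgrid_api_key":
        r"(?<![A-Za-z0-9])SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}(?![A-Za-z0-9_-])",
}
# Loose fallback: the vendor prefix alone, to tell "wrong length" from "absent".
PREFIX = {"aws_access_key_id": "AKIA", "github_pat": "ghp_",
          "stripe_secret_key": "sk_", "sendgrid_api_key": "SG."}

# Fake values copied from the MR description; the variable names are
# hypothetical, since the contents of test_secrets.env are not shown.
FIXTURES = """\
AWS_ACCESS_KEY_ID=AKIA1234567890EXAMPLE
GITHUB_TOKEN=ghp_1234567890abcdefghijklmnopqrstuvwxyz12
STRIPE_KEY=sk_test_1234567890abcdefghijklmnopqrstuvwxyz
SENDGRID_API_KEY=SG.1234567890abcdefghijklmnopqrstuvwxyz.1234567890abcdefghijklmnopqrstuvwxyz
"""


def audit(text):
    """Return {rule: 'strict' | 'prefix-only' | 'missing'} for a fixture file."""
    report = {}
    for rule, pattern in STRICT.items():
        if re.search(pattern, text):
            report[rule] = "strict"        # right prefix and right length
        elif PREFIX[rule] in text:
            report[rule] = "prefix-only"   # looks like the type, wrong shape
        else:
            report[rule] = "missing"       # no fixture for this rule at all
    return report


def unmet(report):
    """Rules whose fixture would not satisfy a length-exact pattern."""
    return sorted(rule for rule, status in report.items() if status != "strict")


if __name__ == "__main__":
    for rule, status in audit(FIXTURES).items():
        print(f"{rule:20} {status}")
```

A fixture reported as `prefix-only` can be skipped by a scanner that enforces exact lengths, so a missing finding for that type in the security widget may reflect the fixture rather than the widget.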
