Add secrets for common API keys/tokens
I have included an updated gl-sast-report.json, however it does not include the keys that were not found. Not sure how you want to handle that.
The following keys have been added.
-
Google API Key -
RSA Private Key -
Google OAuth ID -
General Private Key -
Amazon AWS Access Key ID -
Twitter Access Token -
EC Private Key -
Facebook Access Token -
PGP Private Key -
MailGun API Key -
MailChimp API Key -
Stripe Standard API Key -
Twilio API Key -
Square Access Token -
Square OAuth Secret -
Amazon MWS Auth Token -
Braintree Access Token -
Picatic API Key (now eventbrite)
Here's the list the secrets analyzer was unable to find:
-
Google API Key -
Google OAuth ID -
Twitter Access Token -
Facebook Access Token -
MailGun API Key -
MailChimp API Key -
Square Access Token -
Square OAuth Secret -
Amazon MWS Auth Token -
Braintree Access Token -
Picatic API Key (now eventbrite)
I also added a few more common ones: slack token, various types of google service account keys/files, and variations of pgp/ssh keys. It looks like the analyzer found all of them (except the previous list's Google API Key, Google OAuth ID)
/CC @tmccaslin who this should be assigned to?
Edited by Lucas Charles