Datree's Knowledge Base

Separate secret credentials from source code

This rule prevents secret files from being included in the repository by excluding them from the source code.

Secret files, such as security keys, are sometimes committed to Git. It is bad practice to save secret files inside your repositories. Even if the repositories are private, the files remain exposed and accessible on any computer or server that holds a local copy of the repository.

Use case(s)

  • Prevent a security breach by ensuring generated secret keys are excluded from the source code

When does this rule fail?

When one of the commits in the pull request contains a secret file pattern.
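
The per-commit check described above, as an added example that is not Datree's own code: it scans the file names touched by each commit in a pull request range for secret-file patterns. The pattern list, the function names and the sample log are assumptions constructed for illustration, not Datree's actual patterns.

```shell
#!/bin/sh
# Added example. Patterns are illustrative, NOT Datree's actual pattern list.

# is_secret_path PATH: exit 0 when the file's base name matches a pattern.
is_secret_path() {
    name=${1##*/}                       # strip directories, match the base name
    case "$name" in
        id_rsa|id_dsa|id_ecdsa|id_ed25519) return 0 ;;  # SSH private keys
        *.pem|*.key|*.p12|*.pfx|*.jks)     return 0 ;;  # key and keystore files
        .env|.htpasswd)                    return 0 ;;  # credential files
    esac
    return 1
}

# scan_commit_log: reads on stdin the output of
#   git log --format='commit %h' --name-only --diff-filter=AM <base>..<head>
# prints "<commit> <path>" for every match and returns 1 if any was found.
scan_commit_log() {
    found=0 commit=
    while IFS= read -r line; do
        case "$line" in
            '')         continue ;;                  # blank separator line
            'commit '*) commit=${line#commit } ;;    # start of a new commit
            *)          if is_secret_path "$line"; then
                            printf '%s %s\n' "$commit" "$line"
                            found=1
                        fi ;;
        esac
    done
    return "$found"
}

# Constructed sample of the git log output for a three-commit pull request.
sample_log() {
    cat <<'EOF'
commit c3c3c3c

README.md
commit b2b2b2b

deploy/id_rsa
src/app.py
commit a1a1a1a

config/tls/server.key
docs/keys.md
EOF
}

sample_log | scan_commit_log || echo "secret file pattern found in pull request"
```

To run it against a real branch, pipe the `git log` command shown in the comment into `scan_commit_log` in place of `sample_log`.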

How to fix?

  1. Update the code to pull the secret key from a secret management service, for example Vault
  2. Remove the secret file, and push the new code to the branch
    $ git rm <secret-file-path>
    $ git commit -a -m "removed secret file from code"
    $ git push
  3. Datree's policy check automatically ensures the secret key is removed from the pull request
