Skip to content

codyhanson/github_cred_check

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

github_cred_check.py

github_cred_check.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

#Credential Check You shouldn't put sensitive credentials in your git repositories, whether they are public or private. This tool helps you search through everything, to help identify things on Github that shouldn't be there.

There are two ways to search right now:

###AWS Credentials To search github for AWS Access Key Id's, download a credential report from the IAM application. This CSV file contains a list of users that the script will use the IAM API to search for Access Key ID's with.

###CSV File of tokens If you want to search for other tokens that you shouldn't have in your code, you can specify them in a two column CSV file.

The format is <description, value>

Production Sendgrid Secret,abc123!@#
Database secret key,I@mS3cret!

###Required Config For now, just edit the variables at the top of github_cred_check.py.

You need:

  • AWS credentials exported to the ENV, so that Boto can use them.
  • A valid Github API token.

###TODO

  • Honor Github API rate-limiting
  • Proper CLI interface (flags, options, help, etc).

About

Search Github for keys and other strings that shouldn't be in there.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages