Kubernetes objects may need to use secret data in their configs such as passwords/tokens/etc. Providing such sensitive data in plain-text is risky and highly unrecommended, as it can be stolen and used maliciously.
Different tools have different secrets, each with its own convention and format.
The gitleaks project aggregates such tools and stays up-to-date with their secret data format.
Targeted objects by this rule (types of
Enabled by default? True
Policy as code identifier: ALL_EXPOSED_SECRET_TERRAFORM
This rule will fail
If a Terraform API token is present anywhere in the config:
Rule output in the CLI
$ datree test *.yaml
>> File: failExample.yaml
❌ Prevent exposed Terraform secrets in objects [1 occurrence]
💡 Secret data found in config - keep your sensitive data elsewhere to prevent it from being stolen