You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One risk is that the regex, prefix, or postfix doesn't account for new secrets, causing them to mistakenly be committed in plaintext.
I'd like for sops to either:
encrypt data that looks like a secret, regardless of its key
cause a failure when a secret-looking string is not encrypted (with a corresponding --ignore flag)
https://github.com/Yelp/detect-secrets has some definitions of entropy that could be useful references: Base64HighEntropyString and HexHighEntropyString.
The text was updated successfully, but these errors were encountered:
https://github.com/getsops/sops?tab=readme-ov-file#encrypting-only-parts-of-a-file has many ways to partially encrypt files.
One risk is that the regex, prefix, or postfix doesn't account for new secrets, causing them to mistakenly be committed in plaintext.
I'd like for sops to either:
https://github.com/Yelp/detect-secrets has some definitions of entropy that could be useful references: Base64HighEntropyString and HexHighEntropyString.
The text was updated successfully, but these errors were encountered: