roboscott

No commit activity in last 3 years. No release in over 3 years.

Check if YAML files contain secrets that should be in ENV

Roboscott

Image of Robo Scott

A simple tool to parse YAML files and attempt to detect if secrets are stored in them.

Named after Scott who (rightfully) flips tables when secrets are committed to config files, but who was away one day and needed a proxy.

Forked from yaml-lint

Motivation

Secret and key management can be challenging if it is not already set up. Many legacy code bases have secrets or keys peppered through config files (or worse, hard-coded in source, which is beyond the scope of this tool). Detecting those keys quickly and easily, even if naively, is the goal of this project. For more information on best practices for storing keys, see 12 Factor - Config.

Install

gem install roboscott

Usage

Check a file

roboscott config.yml

Check all files, recursively, in a folder

roboscott my-legacy-app/

By default, roboscott redacts the value of any sensitive finding so that running the tool does not itself leak the secret into logs or CI output. To see the actual values, pass -u or --unredacted:

roboscott -u my-legacy-app/config/database.yml
Running in unredacted mode
File my-legacy-app/config/database.yml - The value 'hunter2' for key 'password' looks sensitive
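The kind of check the tool performs, written out as an added example in Ruby. This is not roboscott's own code: the key patterns, the ENV-reference patterns, the "[REDACTED]" placeholder and the sample database.yml are all assumptions made for illustration. The example walks a parsed YAML tree, flags string values under credential-looking keys, skips values that already defer to the environment (ERB ENV lookups or ${VAR} placeholders), and redacts by default unless -u/--unredacted is given. The sample deliberately uses an anchored default block so that the hard-coded password is inherited by development via <<: *default and is reported twice.

```ruby
# Added example (not roboscott's code): a minimal YAML secret scanner.
require "yaml"

# Key names that usually hold credentials. Assumption: illustrative list,
# deliberately naive (e.g. "token" also matches "tokenizer_threads").
SENSITIVE_KEY = /pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key/i

# Values that already defer to the environment are not findings:
# <%= ENV["X"] %>, <%= ENV.fetch("X") %>, ${X} or $X.
ENV_REFERENCE = /ENV\[|ENV\.fetch\(|\$\{?[A-Z][A-Z0-9_]*\}?/

Finding = Struct.new(:file, :path, :value) do
  # Redact by default; only show the value when explicitly asked to.
  def message(unredacted: false)
    shown = unredacted ? value : "[REDACTED]"
    "File #{file} - The value '#{shown}' for key '#{path.join('.')}' looks sensitive"
  end
end

# Recursively walk the parsed document, tracking the dotted key path.
# Only string scalars are considered; numbers and booleans are rarely secrets.
def scan_node(node, file, path = [], findings = [])
  case node
  when Hash
    node.each { |k, v| scan_node(v, file, path + [k.to_s], findings) }
  when Array
    node.each_with_index { |v, i| scan_node(v, file, path + [i.to_s], findings) }
  when String
    key = path.last.to_s
    if key.match?(SENSITIVE_KEY) && !node.empty? && !node.match?(ENV_REFERENCE)
      findings << Finding.new(file, path, node)
    end
  end
  findings
end

def scan_yaml(text, file)
  # safe_load refuses arbitrary object deserialisation; aliases are enabled
  # because Rails-style database.yml files use &default / <<: *default.
  scan_node(YAML.safe_load(text, aliases: true, filename: file), file)
end

# Constructed sample input: one hard-coded password inherited by two
# environments, and two values correctly deferred to ENV.
SAMPLE_DATABASE_YML = <<~YAML
  default: &default
    adapter: postgresql
    username: app
    password: hunter2
  development:
    <<: *default
    database: app_dev
  production:
    <<: *default
    database: app_prod
    password: <%= ENV["DATABASE_PASSWORD"] %>
    stripe_api_key: ${STRIPE_API_KEY}
YAML

if __FILE__ == $PROGRAM_NAME
  unredacted = ARGV.include?("-u") || ARGV.include?("--unredacted")
  puts "Running in unredacted mode" if unredacted
  scan_yaml(SAMPLE_DATABASE_YML, "config/database.yml").each do |f|
    puts f.message(unredacted: unredacted)
  end
end
```

Run it with no arguments to see the redacted output, or with -u to see 'hunter2'. Note that production.password and production.stripe_api_key are not reported because they reference ENV, while development.password is reported even though nobody typed a password under development: the merge key copied it from the anchored default block, which is exactly how a secret added "just for local use" ends up in every environment.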