turbot/code

GitHub
steampipe plugin install codesteampipe plugin install code

Code + Steampipe

Source code can be any string or data for querying.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

List instances in your Code account:

select
secret_type,
secret,
authenticated,
line,
col
from
code_secret
where
src = E 'Mixed secrets are matched:\n' '* Slack: xoxp-5228148520-5228148525-1323104836872-10674849628c43b9d4b4660f7f9a7b65\n' '* AWS: AKIA4YFAKFKFYXTDS353\n' '* Basic auth: https://joe:passwd123@example.com/secret' '* Stripe: sk_live_tR3PYbcVNZZ796tH88S4VQ2u'
order by
secret_type;
+-------------------+---------------------------------------------------------------------------+-----------------+------+-----+
| secret_type | secret | authenticated | line | col |
+-------------------+---------------------------------------------------------------------------+-----------------+------+-----+
| aws_access_key_id | AKIA4YFAKFKFYXTDS353 | not_implemented | 3 | 8 |
| basic_auth | https://joe:passwd123 | not_implemented | 4 | 15 |
| slack_api_token | xoxp-5228148520-5228148525-1323104836872-10674849628c43b9d4b4660f7f9a7b65 | unauthenticated | 2 | 10 |
| stripe_api_key | sk_live_tR3PYbcVNZZ796tH88S4VQ2u | unauthenticated | 5 | 11 |
+-------------------+---------------------------------------------------------------------------+-----------------+------+-----+

Documentation

Get started

Install

Download and install the latest Code plugin:

steampipe plugin install code

Credentials

No credentials are required.

Configuration

Installing the latest code plugin will create a config file (~/.steampipe/config/code.spc) with a single connection named code.

connection "code" {
plugin = "code"
}

Supported secret types

SecretSlugAuthentication
AWS Access Key IDaws_access_key_idAvailable
Azure Storage Account Keyazure_storage_account_keyN/A
Basic Authbasic_authN/A
Facebook Access Tokenfacebook_access_tokenN/A
Facebook OAuthfacebook_oauthN/A
Facebook Secret Keyfacebook_secret_keyN/A
GitHub App Tokengithub_app_tokenN/A
GitHub OAuth Access Tokengithub_oauth_access_tokenN/A
GitHub Personal Access Tokengithub_personal_access_tokenN/A
GitHub Refresh Tokengithub_refresh_tokenN/A
Google API Keygoogle_api_keyN/A
JWTjwtN/A
Mailchimp Access Keymailchimp_access_keyAvailable
Okta Tokenokta_tokenN/A
Slack API Tokenslack_api_tokenAvailable
Stripe API Keystripe_api_keyAvailable
Twilio Auth Tokentwilio_auth_tokenN/A
Twitter Secret Keytwitter_secret_keyN/A

Authentication Status

For secret types that support authentication, the results are returned in the authenticated column with one of the following values:

  • authenticated: Secret is active
  • unauthenticated: Secret is inactive
  • not_implemented: Secret was not tested due to lack of authentication function
  • unknown: Secret was tested but results were inconclusive

Credits

  • The code_secret table is based on Yelp's detect secrets project. The general matching approach and regular expressions are copied and based on their amazing work.

Get involved