Code + Steampipe
Source code can be any string or data for querying.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
List instances in your Code account:
select secret_type, secret, authenticated, line, colfrom code_secretwhere src = E 'Mixed secrets are matched:\n' '* Slack: xoxp-5228148520-5228148525-1323104836872-10674849628c43b9d4b4660f7f9a7b65\n' '* AWS: AKIA4YFAKFKFYXTDS353\n' '* Basic auth: https://joe:passwd123@example.com/secret' '* Stripe: sk_live_tR3PYbcVNZZ796tH88S4VQ2u'order by secret_type;
+-------------------+---------------------------------------------------------------------------+-----------------+------+-----+| secret_type | secret | authenticated | line | col |+-------------------+---------------------------------------------------------------------------+-----------------+------+-----+| aws_access_key_id | AKIA4YFAKFKFYXTDS353 | not_implemented | 3 | 8 || basic_auth | https://joe:passwd123 | not_implemented | 4 | 15 || slack_api_token | xoxp-5228148520-5228148525-1323104836872-10674849628c43b9d4b4660f7f9a7b65 | unauthenticated | 2 | 10 || stripe_api_key | sk_live_tR3PYbcVNZZ796tH88S4VQ2u | unauthenticated | 5 | 11 |+-------------------+---------------------------------------------------------------------------+-----------------+------+-----+
Documentation
Get started
Install
Download and install the latest Code plugin:
steampipe plugin install code
Credentials
No credentials are required.
Configuration
Installing the latest code plugin will create a config file (~/.steampipe/config/code.spc
) with a single connection named code
.
connection "code" { plugin = "code"}
Supported secret types
Secret | Slug | Authentication |
---|---|---|
AWS Access Key ID | aws_access_key_id | Available |
Azure Storage Account Key | azure_storage_account_key | N/A |
Basic Auth | basic_auth | N/A |
Facebook Access Token | facebook_access_token | N/A |
Facebook OAuth | facebook_oauth | N/A |
Facebook Secret Key | facebook_secret_key | N/A |
GitHub App Token | github_app_token | N/A |
GitHub OAuth Access Token | github_oauth_access_token | N/A |
GitHub Personal Access Token | github_personal_access_token | N/A |
GitHub Refresh Token | github_refresh_token | N/A |
Google API Key | google_api_key | N/A |
JWT | jwt | N/A |
Mailchimp Access Key | mailchimp_access_key | Available |
Okta Token | okta_token | N/A |
Slack API Token | slack_api_token | Available |
Stripe API Key | stripe_api_key | Available |
Twilio Auth Token | twilio_auth_token | N/A |
Twitter Secret Key | twitter_secret_key | N/A |
Authentication Status
For secret types that support authentication, the results are returned in the authenticated
column with one of the following values:
authenticated
: Secret is activeunauthenticated
: Secret is inactivenot_implemented
: Secret was not tested due to lack of authentication functionunknown
: Secret was tested but results were inconclusive
Credits
- The
code_secret
table is based on Yelp's detect secrets project. The general matching approach and regular expressions are copied and based on their amazing work.
Get involved
- Open source: https://github.com/turbot/steampipe-plugin-code
- Community: Slack Channel