steampipe plugin install codesteampipe plugin install code

Code + Steampipe

Source code can be any string or data for querying.

Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.

List secrets from text:

select
  secret_type,
  secret,
  authenticated,
  line,
  col
from
  code_secret
where
  src = E 'Mixed secrets are matched:\n' '* Slack: xoxp-5228148520-5228148525-1323104836872-10674849628c43b9d4b4660f7f9a7b65\n' '* AWS: AKIA4YFAKFKFYXTDS353\n' '* Basic auth: https://joe:passwd123@example.com/secret' '* Stripe: sk_live_tR3PYbcVNZZ796tH88S4VQ2u'
order by
  secret_type;

+-------------------+---------------------------------------------------------------------------+-----------------+------+-----+
| secret_type       | secret                                                                    | authenticated   | line | col |
+-------------------+---------------------------------------------------------------------------+-----------------+------+-----+
| aws_access_key_id | AKIA4YFAKFKFYXTDS353                                                      | not_implemented | 3    | 8   |
| basic_auth        | https://joe:passwd123                                                     | not_implemented | 4    | 15  |
| slack_api_token   | xoxp-5228148520-5228148525-1323104836872-10674849628c43b9d4b4660f7f9a7b65 | unauthenticated | 2    | 10  |
| stripe_api_key    | sk_live_tR3PYbcVNZZ796tH88S4VQ2u                                          | unauthenticated | 5    | 11  |
+-------------------+---------------------------------------------------------------------------+-----------------+------+-----+

Documentation

Table definitions & examples →

Get started

Install

Download and install the latest Code plugin:

steampipe plugin install code

Credentials

No credentials are required.

Configuration

Installing the latest code plugin will create a config file (~/.steampipe/config/code.spc) with a single connection named code.

connection "code" {
  plugin = "code"
}

Supported secret types

Secret	Slug	Authentication
AWS Access Key ID	aws_access_key_id	Available
Azure Storage Account Key	azure_storage_account_key	N/A
Basic Auth	basic_auth	N/A
Facebook Access Token	facebook_access_token	N/A
Facebook OAuth	facebook_oauth	N/A
Facebook Secret Key	facebook_secret_key	N/A
GitHub App Token	github_app_token	N/A
GitHub OAuth Access Token	github_oauth_access_token	N/A
GitHub Personal Access Token	github_personal_access_token	N/A
GitHub Refresh Token	github_refresh_token	N/A
Google API Key	google_api_key	N/A
JWT	jwt	N/A
Mailchimp Access Key	mailchimp_access_key	Available
Okta Token	okta_token	N/A
Slack API Token	slack_api_token	Available
Stripe API Key	stripe_api_key	Available
Twilio Auth Token	twilio_auth_token	N/A
Twitter Secret Key	twitter_secret_key	N/A

Authentication Status

For secret types that support authentication, the results are returned in the authenticated column with one of the following values:

authenticated: Secret is active
unauthenticated: Secret is inactive
not_implemented: Secret was not tested due to lack of authentication function
unknown: Secret was tested but results were inconclusive

Credits

The code_secret table is based on Yelp's detect secrets project. The general matching approach and regular expressions are copied and based on their amazing work.

Postgres FDW

This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- code

The installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.

To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.

CREATE EXTENSION IF NOT EXISTS steampipe_postgres_code;
CREATE SERVER steampipe_code FOREIGN DATA WRAPPER steampipe_postgres_code OPTIONS (config '<your_config>');
CREATE SCHEMA code;
IMPORT FOREIGN SCHEMA code FROM SERVER steampipe_code INTO code;

SQLite Extension

This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- code

The installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.

To configure the SQLite extension, load the extension module and then run the steampipe_configure_code function to configure it with plugin-specific options.

$ sqlite3
sqlite> .load ./steampipe_sqlite_extension_code.so
sqlite> select steampipe_configure_code('<your_config>');

Export

This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- code

You can pass the configuration to the command with the --config argument:

steampipe_export_code --config '<your_config>' <table_name>