Lame secret detection detecting MS Azure own Azurite container default password #192059
Replies: 3 comments
-
|
💬 Your Product Feedback Has Been Submitted 🎉 Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users. Here's what you can expect moving forward ⏩
Where to look to see what's shipping 👀
What you can do in the meantime 💻
As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities. Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐ |
Beta Was this translation helpful? Give feedback.
-
|
Actually when you frame it that way, it almost sounds like the perfect password. 😇 |
Beta Was this translation helpful? Give feedback.
-
|
I get the frustration here. The Azurite default development key is public and commonly used in local examples, but it still matches the shape of an Azure Storage key, so secret scanning is likely being cautious by design. For now, I’d dismiss the alert as a false positive where GitHub allows it, and avoid committing the literal key in shared sample files if it keeps blocking push protection. A small helper that builds the local Azurite connection string during tests is often less noisy than storing the full default key in source. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
🏷️ Discussion Type
Bug
💬 Feature/Topic Area
Secret scanning
Discussion Details
Secret starting Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsu is a default Azurite local AccountKey and should not be detected by secret scanning. It is not a secret as it publicly known.
Beta Was this translation helpful? Give feedback.
All reactions