Find secrets with regular expressions

org.openrewrite.java.security.secrets.FindSecretsByPattern

A secret is a literal that matches any one of the provided patterns.

Recipe source

GitHub, Issue Tracker, Maven Central

  • groupId: org.openrewrite.recipe

  • artifactId: rewrite-java-security

  • version: 2.5.2

Options

TypeNameDescriptionExample

String

secretName

The type of secret that this recipe is looking for.

AWS Access Key

String

keyPattern

Optional. A regular expression to match a 'key' against. For example, a key

[a-zA-Z0-9+\/=]{88}

String

valuePattern

A regular expression to search for.

[a-zA-Z0-9+\/=]{88}

Usage

This recipe has required configuration parameters. Recipes with required configuration parameters cannot be activated directly. To activate this recipe you must create a new recipe which fills in the required parameters. In your rewrite.yml create a new recipe with a unique name. For example: com.yourorg.FindSecretsByPatternExample. Here's how you can define and customize such a recipe within your rewrite.yml:

rewrite.yml
---
type: specs.openrewrite.org/v1beta/recipe
name: com.yourorg.FindSecretsByPatternExample
displayName: Find secrets with regular expressions example
recipeList:
  - org.openrewrite.java.security.secrets.FindSecretsByPattern:
      secretName: AWS Access Key
      keyPattern: '[a-zA-Z0-9+\/=]{88}'
      valuePattern: '[a-zA-Z0-9+\/=]{88}'

Now that com.yourorg.FindSecretsByPatternExample has been defined activate it and take a dependency on org.openrewrite.recipe:rewrite-java-security:2.5.2 in your build file:

  1. Add the following to your build.gradle file:

build.gradle
plugins {
    id("org.openrewrite.rewrite") version("6.10.0")
}

rewrite {
    activeRecipe("com.yourorg.FindSecretsByPatternExample")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-java-security:2.5.2")
}
  1. Run gradle rewriteRun to run the recipe.

See how this recipe works across multiple open-source repositories

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

Contributors

Jonathan Schnéider, Knut Wannheden

Last updated