firefrost-gaming/claude-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d5fd511c5aba2dd5b8f93cefa642e9fc68e16cf
claude-skills-reference/engineering/env-secrets-manager/references/secret-patterns.md

1.1 KiB
Raw Blame History

Secret Pattern Reference

Detection Categories

Critical

  • OpenAI-like keys (sk-...)
  • GitHub personal access tokens (ghp_...)
  • AWS access key IDs (AKIA...)

High

  • Slack tokens (xox...)
  • Private key PEM blocks
  • Hardcoded assignments to secret, token, password, api_key

Medium

  • JWT-like tokens in plaintext
  • Suspected credentials in docs/scripts that should be redacted

Severity Guidance

  • critical: immediate rotation required; treat as active incident
  • high: likely sensitive; investigate and rotate if real credential
  • medium: possible exposure; verify context and sanitize where needed

Response Playbook

  1. Revoke or rotate exposed credential.
  2. Identify blast radius (services, environments, users).
  3. Remove from code/history where possible.
  4. Add preventive controls (pre-commit hooks, CI secret scans).
  5. Verify monitoring and access logs for abuse.

Preventive Baseline

  • Commit only .env.example, never .env.
  • Keep .gitignore patterns for env and key material.
  • Use secret managers for staging/prod.
  • Redact sensitive values from logs and debug output.
Reference in New Issue View Git Blame Copy Permalink