Allow secrets to be output when explicitly asked for using a flag #3090
Comments
Hi @Fennerr, we've talked internally about this possibility:
What do you think?
@jfagoagas that makes sense. I did notice that What about having an option to store the lambda function's code in a The last account I was looking at, the check flagged for ~180 lambda functions. It takes a while cross-referencing prowler to the lambda in the account (and switching regions), and since the code was already downloaded when prowler ran, it would be nice to have an option to preserve the code. This would be an opt-in option. It could also be part of how secrets scanning is handled in general in the future (with a multiprocessing pool for secrets detection checks - as these checks are often CPU intensive and don't benefit from multithreading pools).
@Fennerr I'm not sure about saving code locally even with an option. I still don't get the benefits of having the source code just if it contains some plaintext secrets, but for sure you find value in that so we can discuss it.
New feature motivation
There are use cases when it would be useful for the secret values to be output to the file.
It would help consultants who have limited time to assess an account - and then they don't need to pull the source code for each lambda function (or look at the ones that are small enough in the console).
Solution Proposed
I haven't investigated how to pass a CLI option through to the check - but here is the pseudo-code on how to add the secret value to the output:
if <some check for the "show_secrets" flag>:
would need to be updated
Describe alternatives you've considered
None
Additional context
No response
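An added example, not Prowler's code and not from the issue author: one way the opt-in behaviour requested above could look, with each finding carrying function, file, line and a fingerprint by default and the plaintext value only when `show_secrets` is passed. The function name `scan_source`, the detector patterns and the sample Lambda source are assumptions constructed for illustration.

```python
import hashlib
import re

# Hypothetical detectors for this example; a real scanner ships many more.
DETECTORS = {
    "AWS Access Key": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "Secret Keyword": re.compile(
        r"""(?i)(?:password|secret|api_key|token)\w*\s*[:=]\s*["']([^"']{6,})["']"""
    ),
}


def scan_source(function_name, filename, source, show_secrets=False):
    """Return one finding per secret; the value is masked unless opted in."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for secret_type, pattern in DETECTORS.items():
            for match in pattern.finditer(line):
                value = match.group(1)
                findings.append({
                    "function": function_name,
                    "file": filename,
                    "line": lineno,
                    "type": secret_type,
                    # Short SHA-256 prefix: lets a reviewer spot the same
                    # secret reused across functions. It is unsalted, so a
                    # low-entropy secret is guessable from it; handle the
                    # report as sensitive either way.
                    "fingerprint": hashlib.sha256(value.encode()).hexdigest()[:12],
                    "value": value if show_secrets else "*" * 8,
                })
    return findings


# Constructed sample input (AWS's documented example key, not a live credential).
SAMPLE_SOURCE = '''import boto3
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
db_password = "hunter2-not-real"
def handler(event, context):
    return {"statusCode": 200}
'''

if __name__ == "__main__":
    for finding in scan_source("orders-api", "lambda_function.py", SAMPLE_SOURCE):
        print(finding)
```

With the default masking, the function name, file and line number are enough to locate each hit in the account without the report itself becoming a credential store.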