en-US/PSSecretScanner-help.xml

<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh">
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
    <command:details>
      <command:name>Find-Secret</command:name>
      <command:verb>Find</command:verb>
      <command:noun>Secret</command:noun>
      <maml:description>
        <maml:para>Scans for secrets in one or more folders or files.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>This function scans for secrets accidentally exposed in one or more folder(s) or file(s). It requires the config.json file containing regexes and file extensions to scan.</maml:para>
      <maml:para>You can select which output stream to use so that it behaves the way you want in a pipeline, or output the result to the pipeline as an object to wrap it in your own script.</maml:para>
      <maml:para>Excludelist can be used to ignore false positives. Each exclusion must be in the format &lt;Full\path\to\file.txt&gt;;&lt;linenumber&gt;;&lt;Line&gt; - for example "C:\MyFiles\template.json;51;-----BEGIN RSA PRIVATE KEY-----" or "C:\MyRepo\MyModule.psm1:18:password = supersecret!!"</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Find-Secret</maml:name>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>File</maml:name>
          <maml:description>
            <maml:para>This parameter should be used to scan single files.</maml:para>
            <maml:para>In some cases, using the -Path parameter for single-file scans alongside extension patterns behaves unexpectedly.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
          <maml:name>ConfigPath</maml:name>
          <maml:description>
            <maml:para>Path to the config.json file. If you change this, make sure the format of the custom one is correct.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>"$PSScriptRoot\config.json"</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
          <maml:name>Excludelist</maml:name>
          <maml:description>
            <maml:para>Path to exclude list.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
          <maml:name>OutputPreference</maml:name>
          <maml:description>
            <maml:para>Set the stream to output data to, or output the Select-String object to create your own handling.</maml:para>
          </maml:description>
          <command:parameterValueGroup>
            <command:parameterValue required="false" command:variableLength="false">Output</command:parameterValue>
            <command:parameterValue required="false" command:variableLength="false">Warning</command:parameterValue>
            <command:parameterValue required="false" command:variableLength="false">Error</command:parameterValue>
            <command:parameterValue required="false" command:variableLength="false">Object</command:parameterValue>
            <command:parameterValue required="false" command:variableLength="false">IgnoreSecrets</command:parameterValue>
          </command:parameterValueGroup>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>Error</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
      <command:syntaxItem>
        <maml:name>Find-Secret</maml:name>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>Path</maml:name>
          <maml:description>
            <maml:para>The folders and files to scan. Folders are recursively scanned.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
          <dev:type>
            <maml:name>String[]</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>"$PWD"</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
          <maml:name>ConfigPath</maml:name>
          <maml:description>
            <maml:para>Path to the config.json file. If you change this, make sure the format of the custom one is correct.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>"$PSScriptRoot\config.json"</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
          <maml:name>Excludelist</maml:name>
          <maml:description>
            <maml:para>Path to exclude list.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
          <maml:name>Filetype</maml:name>
          <maml:description>
            <maml:para>Filetype(s) to scan. If this parameter is set, only files of the types in this list are scanned. Use '*' to scan all filetypes. (This will even try to scan non-clear-text files, and may be slow.)</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
          <dev:type>
            <maml:name>String[]</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
          <maml:name>OutputPreference</maml:name>
          <maml:description>
            <maml:para>Set the stream to output data to, or output the Select-String object to create your own handling.</maml:para>
          </maml:description>
          <command:parameterValueGroup>
            <command:parameterValue required="false" command:variableLength="false">Output</command:parameterValue>
            <command:parameterValue required="false" command:variableLength="false">Warning</command:parameterValue>
            <command:parameterValue required="false" command:variableLength="false">Error</command:parameterValue>
            <command:parameterValue required="false" command:variableLength="false">Object</command:parameterValue>
            <command:parameterValue required="false" command:variableLength="false">IgnoreSecrets</command:parameterValue>
          </command:parameterValueGroup>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>Error</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
          <maml:name>Recursive</maml:name>
          <maml:description>
            <maml:para>This parameter can be set to $false to prevent recursive folder scans. NOTE: Since this is a bool, set it by using `-Recursive:$false`.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue>
          <dev:type>
            <maml:name>Boolean</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
        <maml:name>ConfigPath</maml:name>
        <maml:description>
          <maml:para>Path to the config.json file. If you change this, make sure the format of the custom one is correct.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>"$PSScriptRoot\config.json"</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
        <maml:name>Excludelist</maml:name>
        <maml:description>
          <maml:para>Path to exclude list.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>File</maml:name>
        <maml:description>
          <maml:para>This parameter should be used to scan single files.</maml:para>
          <maml:para>In some cases, using the -Path parameter for single-file scans alongside extension patterns behaves unexpectedly.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
        <maml:name>Filetype</maml:name>
        <maml:description>
          <maml:para>Filetype(s) to scan. If this parameter is set, only files of the types in this list are scanned. Use '*' to scan all filetypes. (This will even try to scan non-clear-text files, and may be slow.)</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
        <dev:type>
          <maml:name>String[]</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
        <maml:name>OutputPreference</maml:name>
        <maml:description>
          <maml:para>Set the stream to output data to, or output the Select-String object to create your own handling.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>Error</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>Path</maml:name>
        <maml:description>
          <maml:para>The folders and files to scan. Folders are recursively scanned.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue>
        <dev:type>
          <maml:name>String[]</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>"$PWD"</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
        <maml:name>Recursive</maml:name>
        <maml:description>
          <maml:para>This parameter can be set to $false to prevent recursive folder scans. NOTE: Since this is a bool, set it by using `-Recursive:$false`.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue>
        <dev:type>
          <maml:name>Boolean</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes />
    <command:returnValues />
    <maml:alertSet>
      <maml:alert>
        <maml:para></maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title>
        <dev:code>Find-Secret</dev:code>
        <dev:remarks>
          <maml:para>This command will scan the current directory, $PWD, and all subfolders for secrets using the default config.json.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title>
        <dev:code>Find-Secret -Path c:\MyPowerShellFiles\, C:\MyBicepFiles\MyModule.bicep</dev:code>
        <dev:remarks>
          <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively and the C:\MyBicepFiles\MyModule.bicep for secrets using the default config.json.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 3 --------------------------</maml:title>
        <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -Recursive:$False</dev:code>
        <dev:remarks>
          <maml:para>This command will scan only the c:\MyPowerShellFiles\ directory for secrets using the default config.json. Any subfolders will be excluded from the scan.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 4 --------------------------</maml:title>
        <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -OutputPreference Output</dev:code>
        <dev:remarks>
          <maml:para>This command will scan the c:\MyPowerShellFiles\ directory for secrets using the default config.json. Results will be written to the default Output stream instead of Error.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 5 --------------------------</maml:title>
        <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -OutputPreference Object</dev:code>
        <dev:remarks>
          <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively for secrets using the default config.json. Instead of outputting a string of the result to any stream, it will output a Select-String object that you can use in your own pipelines.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 6 --------------------------</maml:title>
        <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -Filetype 'bicep','.json'</dev:code>
        <dev:remarks>
          <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively for secrets using the default config.json. It will only scan files with the '.bicep' or '.json' extensions.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 7 --------------------------</maml:title>
        <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -Filetype '*'</dev:code>
        <dev:remarks>
          <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively for secrets using the default config.json. It will try to scan all filetypes in this folder, including non-clear-text files. This might be very slow.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 8 --------------------------</maml:title>
        <dev:code>Find-Secret -OutputPreference IgnoreSecrets | Out-File .\.ignoresecrets -Force</dev:code>
        <dev:remarks>
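          <maml:para>This command will scan the current directory, $PWD, and all subfolders for secrets using the default config.json. It will format the result as an ExcludeList and write it to the .\.ignoresecrets file. If this file exists in a git root folder it will then be automatically read and used by Write-SecretStatus. Note that each entry contains the matched line itself, so every current finding, including any real secret, is both written to this file and excluded from later scans; review the entries before keeping or committing the file.</maml:para>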
        </dev:remarks>
      </command:example>
    </command:examples>
    <command:relatedLinks />
  </command:command>
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
    <command:details>
      <command:name>New-PSSSConfig</command:name>
      <command:verb>New</command:verb>
      <command:noun>PSSSConfig</command:noun>
      <maml:description>
        <maml:para>Creates a new copy of the PSSecretScanner config.json file for custom configurations.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>This function copies the current module's config.json to a path where you may customise it and include or exclude your own settings.</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>New-PSSSConfig</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
          <maml:name>Path</maml:name>
          <maml:description>
            <maml:para>Path where the config.json will be copied to.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
        <maml:name>Path</maml:name>
        <maml:description>
          <maml:para>Path where the config.json will be copied to.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes />
    <command:returnValues />
    <maml:alertSet>
      <maml:alert>
        <maml:para></maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title>
        <dev:code>New-PSSSConfig -Path C:\MyPWSHRepo\MyCustomSecretScannerConfig.json</dev:code>
        <dev:remarks>
          <maml:para>This command will copy the default config.json to C:\MyPWSHRepo\MyCustomSecretScannerConfig.json.</maml:para>
        </dev:remarks>
      </command:example>
    </command:examples>
    <command:relatedLinks />
  </command:command>
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
    <command:details>
      <command:name>Write-SecretStatus</command:name>
      <command:verb>Write</command:verb>
      <command:noun>SecretStatus</command:noun>
      <maml:description>
        <maml:para>This command provides a quick and easy way to show found secrets in your prompt function. You can use it side by side with posh-git (https://github.com/dahlbyk/posh-git), or as a standalone function.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>This command provides a quick and easy way to show found secrets in your prompt function. You can use it side by side with posh-git (https://github.com/dahlbyk/posh-git), or as a standalone function.</maml:para>
      <maml:para>---</maml:para>
      <maml:para>To add output to your default prompt, create or edit your prompt function and add `Write-SecretStatus` where you want it to show.</maml:para>
      <maml:para>---</maml:para>
      <maml:para>To add this to your posh-git prompt, add the following to your `$PROFILE` script after the `Import-Module posh-git` statement: `$GitPromptSettings.DefaultPromptBeforeSuffix.Text = ' $(Write-SecretStatus)'`</maml:para>
      <maml:para>It will automatically set the output to red if secrets are found.</maml:para>
      <maml:para>If you have a file named `.ignoresecrets` in the root folder of your git repo, it will use this for exclusions.</maml:para>
      <maml:para>---</maml:para>
      <maml:para>You may also add this to your oh-my-posh thing, but I don't use it and have no idea how that works.</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Write-SecretStatus</maml:name>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters />
    <command:inputTypes>
      <command:inputType>
        <dev:type>
          <maml:name>None</maml:name>
        </dev:type>
        <maml:description>
          <maml:para></maml:para>
        </maml:description>
      </command:inputType>
    </command:inputTypes>
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <maml:name>System.Object</maml:name>
        </dev:type>
        <maml:description>
          <maml:para></maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <maml:alertSet>
      <maml:alert>
        <maml:para></maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title>
        <dev:code>$GitRoot = git rev-parse --show-toplevel
$IgnoreFile = Join-Path -Path $GitRoot -ChildPath '.ignoresecrets'
Find-Secret -Path $GitRoot -OutputPreference IgnoreSecrets | Out-File $IgnoreFile -Force</dev:code>
        <dev:remarks>
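          <maml:para>This command will find the root folder of the current git repo, and create a file called .ignoresecrets in it. It will write all secrets currently found in the repository into that file in the correct format for an ignore file. Write-SecretStatus will then automatically pick this file up as its ignore file. Note that each entry contains the matched line itself, so every current finding, including any real secret, is both written to this file and excluded from later scans; review the entries before keeping or committing the file.</maml:para>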
        </dev:remarks>
      </command:example>
    </command:examples>
    <command:relatedLinks />
  </command:command>
</helpItems>