A simple tool to parse YAML files and attempt to detect if secrets are stored in them.
Named after Scott who (rightfully) flips tables when secrets are committed to config files but was away one day and needed a proxy.
Forked from yaml-lint
Secret and key management can be challenging if it's not already set up. Many legacy code bases have secrets or keys peppered through config files (or worse, hard-coded, which is beyond the scope of this!). Detecting those keys quickly and easily, even if naively, is the goal of this project. For more information on best practices for storing keys, see 12 Factor - Config.
gem install roboscott
Check a file
roboscott config.yml
Check all files, recursively, in a folder
roboscott my-legacy-app/
By default, roboscott will redact any sensitive findings; to remove this, use -u or --unredacted
roboscott my-legacy-app/config/database.yml
Running in unredacted mode
File my-legacy-app/config/database.yml - The value 'hunter2' for key 'password' looks sensitive
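The kind of naive check described above, as an added example in Ruby that is not roboscott's own code: walk a parsed YAML document, flag keys whose names look like secrets, skip values that only reference an environment variable, and redact findings unless unredacted mode is requested. The key pattern, placeholder pattern and sample config are assumptions made for the example.

```ruby
require 'yaml'
# Added example, not roboscott's own code: a naive walk over a parsed YAML
# document that flags keys whose names suggest a stored secret. Values are
# redacted by default, matching the gem's behaviour described above.
SENSITIVE_KEY = /password|passwd|secret|token|api_?key|private_key/i

# Values that only reference an environment variable (Rails ERB or ${VAR}
# style) are not secrets themselves, so they are skipped rather than flagged.
PLACEHOLDER = /\A\s*(<%=?.*%>|\$\{.*\})\s*\z/

# Recursively collect { path:, key:, value: } for sensitive-looking entries.
def find_sensitive(node, path = [], findings = [])
  case node
  when Hash
    node.each do |key, value|
      name = key.to_s
      if name.match?(SENSITIVE_KEY) && value.is_a?(String) &&
         !value.empty? && !value.match?(PLACEHOLDER)
        findings << { path: (path + [name]).join('.'), key: name, value: value }
      end
      find_sensitive(value, path + [name], findings)
    end
  when Array
    node.each_with_index { |item, i| find_sensitive(item, path + [i.to_s], findings) }
  end
  findings
end

# Render a finding in the README's output format, redacted unless -u was given.
def report_line(file, finding, unredacted: false)
  shown = unredacted ? "'#{finding[:value]}'" : '[REDACTED]'
  "File #{file} - The value #{shown} for key '#{finding[:key]}' looks sensitive"
end

# Parse YAML text safely (no arbitrary object deserialisation) and report.
def scan_yaml(file, text, unredacted: false)
  doc = YAML.safe_load(text) || {}
  find_sensitive(doc).map { |f| report_line(file, f, unredacted: unredacted) }
end

# Constructed sample config; not a real file from any project.
SAMPLE = <<~YAML
  production:
    adapter: postgresql
    password: hunter2
    secret_key_base: "<%= ENV['SECRET_KEY_BASE'] %>"
    api_key: "${API_KEY}"
YAML
puts scan_yaml('database.yml', SAMPLE, unredacted: ARGV.include?('-u')) if $PROGRAM_NAME == __FILE__
```

Only the literal 'hunter2' is reported; the two environment-variable references are skipped, which keeps the noise down on Rails-style configs.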