en-US/PSSecretScanner-help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Find-Secret</command:name> <command:verb>Find</command:verb> <command:noun>Secret</command:noun> <maml:description> <maml:para>Scans for secrets in one or more folders or files.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This function scans for secrets accidentally exposed in one or more folder(s) or file(s). It requires the config.json file containing regexes and file extensions to scan.</maml:para> <maml:para>You can select which output stream to use so that it behaves the way you want in a pipeline, or output the result to the pipeline as an object to wrap in your own script.</maml:para> <maml:para>Excludelist can be used to ignore false positives.</maml:para> <maml:para>Exclusions can be in the format > &lt;Full\path\to\file.txt&gt;;&lt;linenumber&gt;;&lt;Line&gt;</maml:para> <maml:para>Ex.</maml:para> <maml:para>> "C:\MyFiles\template.json;51;-----BEGIN RSA PRIVATE KEY-----" > "C:\MyRepo\MyModule.psm1:18:password = supersecret!!"</maml:para> <maml:para>or excluding entire files Ex.</maml:para> <maml:para>> "C:\MyFiles\template.json"</maml:para> <maml:para>or excluding entire folders and all subfolders / files Ex.</maml:para> <maml:para>> "C:\MyFiles\*"</maml:para> <maml:para>Relative paths are also supported (relative to the ignore file).</maml:para> <maml:para>> ".\MySubFolder\*"</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Find-Secret</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>File</maml:name> <maml:description> <maml:para>This parameter should be used to scan single
files.</maml:para> <maml:para>In some cases, using the -Path parameter for single-file scans alongside extension patterns behaves unexpectedly.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConfigPath</maml:name> <maml:description> <maml:para>Path to the config.json file. If you change this, make sure the format of the custom one is correct.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PSScriptRoot\config.json"</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Excludelist</maml:name> <maml:description> <maml:para>Path to the exclude list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Find-Secret</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Path</maml:name> <maml:description> <maml:para>The folders and files to scan.
Folders are recursively scanned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PWD"</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConfigPath</maml:name> <maml:description> <maml:para>Path to the config.json file. If you change this, make sure the format of the custom one is correct.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PSScriptRoot\config.json"</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Excludelist</maml:name> <maml:description> <maml:para>Path to the exclude list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Filetype</maml:name> <maml:description> <maml:para>Filetype(s) to scan. If this parameter is set, only files of the types in this list are scanned. Use '*' to scan all filetypes.
(This will even try to scan non clear text files, and may be slow.)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoRecurse</maml:name> <maml:description> <maml:para>Prevent recursive scan. If this switch is set we will only scan the given folder, no subfolders.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConfigPath</maml:name> <maml:description> <maml:para>Path to the config.json file. 
If you change this, make sure the format of the custom one is correct.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PSScriptRoot\config.json"</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Excludelist</maml:name> <maml:description> <maml:para>Path to the exclude list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>File</maml:name> <maml:description> <maml:para>This parameter should be used to scan single files.</maml:para> <maml:para>In some cases, using the -Path parameter for single-file scans alongside extension patterns behaves unexpectedly.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Filetype</maml:name> <maml:description> <maml:para>Filetype(s) to scan. If this parameter is set, only files of the types in this list are scanned. Use '*' to scan all filetypes.
(This will even try to scan non clear text files, and may be slow.)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoRecurse</maml:name> <maml:description> <maml:para>Prevent recursive scan. If this switch is set we will only scan the given folder, no subfolders.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Path</maml:name> <maml:description> <maml:para>The folders and files to scan. 
Folders are recursively scanned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PWD"</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Find-Secret</dev:code> <dev:remarks> <maml:para>This command will scan the current directory, $PWD, and all subfolders for secrets using the default config.json.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\, C:\MyBicepFiles\MyModule.bicep</dev:code> <dev:remarks> <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively and the C:\MyBicepFiles\MyModule.bicep for secrets using the default config.json.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 3 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -NoRecurse</dev:code> <dev:remarks> <maml:para>This command will scan only the c:\MyPowerShellFiles\ directory for secrets using the default config.json. Any subfolders will be excluded from scan.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 4 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -Filetype 'bicep','.json'</dev:code> <dev:remarks> <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively for secrets using the default config.json. 
It will only scan files with the '.bicep' or '.json' extensions.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 5 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -Filetype '*'</dev:code> <dev:remarks> <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively for secrets using the default config.json. It will try to scan all filetypes in this folder, including non-clear-text files. This might be very slow.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>PSSecretScanner on GitHub</maml:linkText> <maml:uri>https://github.com/bjompen/PSSecretScanner</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-PSSSConfig</command:name> <command:verb>New</command:verb> <command:noun>PSSSConfig</command:noun> <maml:description> <maml:para>Creates a new copy of the PSSecretScanner config.json file for custom configurations.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This function copies the current module's config.json to a path where you may customise it and include or exclude your own settings.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-PSSSConfig</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Path</maml:name> <maml:description> <maml:para>Path where the config.json will be copied to.</maml:para> </maml:description> <command:parameterValue required="true"
variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Path</maml:name> <maml:description> <maml:para>Path where the config.json will be copied to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>New-PSSSConfig -Path C:\MyPWSHRepo\MyCystomSecretScannerConfig.json</dev:code> <dev:remarks> <maml:para>This command will copy the default config.json to C:\MyPWSHRepo\MyCystomSecretScannerConfig.json.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Write-SecretStatus</command:name> <command:verb>Write</command:verb> <command:noun>SecretStatus</command:noun> <maml:description> <maml:para>This command is created to get a quick and easy way of having secrets found shown in your prompt function.
You can use it side by side with posh-git (https://github.com/dahlbyk/posh-git), or as a standalone function.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This command is created to get a quick and easy way of having secrets found shown in your prompt function. You can use it side by side with posh-git (https://github.com/dahlbyk/posh-git), or as a standalone function.</maml:para> <maml:para>---</maml:para> <maml:para>To add output to your default prompt, create or edit your prompt function and add `Write-SecretStatus` where you want it to show.</maml:para> <maml:para>---</maml:para> <maml:para>To add this to your posh-git prompt, add the following to your `$PROFILE` script after the `Import-Module posh-git` statement:</maml:para> <maml:para>$GitPromptSettings.DefaultPromptBeforeSuffix.Text = ' $(Write-SecretStatus)'</maml:para> <maml:para>It will automatically set the output to red if secrets are found.</maml:para> <maml:para>If you have a file named `.ignoresecrets` in the root folder of your git repo, it will use this for exclusions.</maml:para> <maml:para>---</maml:para> <maml:para>You may also add this to your oh-my-posh thing, but I don't use it and have no idea how that works.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Write-SecretStatus</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 8
--------------------------</maml:title> <dev:code>$GitRoot = git rev-parse --show-toplevel
$IgnoreFile = Join-Path -Path $GitRoot -ChildPath '.ignoresecrets'
Find-Secret -Path $GitRoot -OutputPreference IgnoreSecrets | Out-File $IgnoreFile -Force</dev:code> <dev:remarks> <maml:para>This command will find the root folder of the current git repo and create a file called .ignoresecrets in it. It will output all secrets currently found in the repository into that file in the correct format for an ignore file. This file will then be picked up automatically as the ignore file when running Write-SecretStatus.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> </helpItems>