Detecting security keys

You should never store security keys in a version-control system. Cloud Source Repositories can help you prevent users from storing security keys in a Google Cloud repository. Cloud Source Repositories can check for the following types of security keys:

This checking feature is available for all repositories at no charge.

How the security-key checking feature works

When a user executes a git push command, the checking feature looks for data that might be a security key. If a match is found, the feature blocks the git push and notifies the user what was found and where. For example:

The push has been rejected because we detect that it contains a private key. Please check the following commands and confirm that it's intentional:

git show [COMMIT]

You can use git rev-list --objects --all to find the files.

To push these files, please run git push -o nokeycheck.

Before you begin

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Disable security key detection

To disable security key detection, use the following gcloud command:

    gcloud init
    gcloud source project-configs update --disable-pushblock

Enable security key detection

To enable security key detection, use the following gcloud command:

    gcloud init
    gcloud source project-configs update --enable-pushblock

Override security key detection

To override the security key detection feature, use the following git command:

    git push -o nokeycheck

What's next

After you set up a Google Cloud repository, you might find the following topics helpful: