Match by regex

[clemlesne]

It would be useful to hide secret by testing case-insensitive regex rules than today.

A false positive is better than a pawn :)

Integration proposal

Today, code implements a strict includes test (see https://github.com/eashi/hide-my-secrets/blob/7950e37817c710e791ad2fd337d2f5f603e3454c/src/extension.ts#L82C4-L82C40).

This new impleemntation could be achieved by using RegExp class:

let test = new RegExp(keyValue, 'i');  // Case insensitive match on purpose

if (test.test(secretKeys)) {
    // ...
}

Plus, the default configuration can be updated to:

"hide-my-secrets.secretKeys": [
    "(secret|password|token|key)"
],

Optionally, regex rules can be compiled and cached.

Issue example

Config extract:

"hide-my-secrets.secretKeys": [
    "password"
],

My secret config;

env:
    COSIGN_PASSWORD: xxx. # This is visible
    password: xxx  # This is hidden

Related

• More keys by default #13 (deprecated if this one is selected)

[eashi]

Hi @clemlesne ,

Sounds like a good suggestion! You can create a PR for this so that you can have name as a contributor in the git history.
If you find it too much work let me know, I can do it :).

[eashi]

@clemlesne can you check the PR #15 ? Is this what you had in mind?