Skip to content

Commit 1e5ea56

Browse files
committed
fix: remove AZURE_CLIENT_ID and AZURE_TENANT_ID from HighRiskEnvKeys
These are public identifiers, not secrets. AZURE_CLIENT_SECRET remains. Reporting non-secret IDs at HIGH severity produces false positives for any user running az login interactively.
1 parent 3376409 commit 1e5ea56

1 file changed

Lines changed: 0 additions & 2 deletions

File tree

internal/scan/apikeys.go

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,8 +44,6 @@ var HighRiskEnvKeys = map[string]bool{
4444
"AWS_SESSION_TOKEN": true,
4545
"GOOGLE_APPLICATION_CREDENTIALS": true,
4646
"AZURE_CLIENT_SECRET": true,
47-
"AZURE_CLIENT_ID": true,
48-
"AZURE_TENANT_ID": true,
4947

5048
// Secrets managers (key to all other secrets)
5149
"VAULT_TOKEN": true, // HashiCorp Vault — grants access to all managed secrets

0 commit comments

Comments
 (0)