Private Key
Description
This check detects private keys by determining whether commonly specified key attributes are present in the analyzed string.
- DSA PRIVATE KEY
- EC PRIVATE KEY
- OPENSSH PRIVATE KEY
- PGP PRIVATE KEY BLOCK
- PRIVATE KEY
- RSA PRIVATE KEY
- SSH2 ENCRYPTED PRIVATE KEY
- PuTTY-User-Key-File-2
Remediation
Multiple Services
. Revoke the exposed secret.
. Clean the git history. + Go under the settings section of your GitHub project and chose the change visibility button at the bottom.
. Inspect your application's access logs to ensure the key was not utilized during the compromised period.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1311 |
| Severity | MEDIUM |
| IaC Type | secrets |
| Frameworks | Git |
| Checkov ID | CKV_SECRET_13 |