Ignore rules
You can configure to skip detected risks based on various parameters. To do that, create a yaml file, see the example below, and put it into path where Vault Radar will be able to find.
Where to create the file
Create a $HOME/.hashicorp/vault-radar/ignore.yaml
file or relative to your working repository root .hashicorp/vault-radar/ignore.yaml
.
Example
# Ignore by file path- paths: - "**/*_test.go" - cli/cmd/default-nil-config.yaml - cli/cmd/data/* # Ignore by secret value# Equivalent to 'secret_value == my_password OR secret_value == my_token'- secret_values: - my_password - my_token # Ignore by secret type# Equivalent to 'secret_type == password_assignment OR secret_type == secret_assignment'- secret_types: [password_assignment, secret_assignment]
Field descriptions
Field | Description |
---|---|
paths | To skip risks found in particular files, add the rule to paths section. Each entry can be a concrete file path or a glob mask. |
secret_values | To skip particular values, add the rule to secret_values section. Each entry is a regex, if the risk value matches the regex, it will be ignored. |
secret_types | To skip particular types, add the rule to secret_types section. Each entry is a regex, if the risk value matches the regex, it will be ignored. |