en-US/PSSecretScanner-help.xml
|
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Find-Secret</command:name> <command:verb>Find</command:verb> <command:noun>Secret</command:noun> <maml:description> <maml:para>Scans for secrets in one or more folders or files.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This function scans for secrets accidently exposed in one or more folder(s) or file(s). It requires the config.json file containing regexes and file extensions to scan.</maml:para> <maml:para>You can select which output stream to use to make it behave the way you want to in a pipeline, Or output the result to pipeline as an object to wrap it in your own script.</maml:para> <maml:para>Excludelist can be used to ignore false positives Exclusions must then be in the format <Full\path\to\file.txt>;<linenumber>;<Line> Ex. "C:\MyFiles\template.json;51;-----BEGIN RSA PRIVATE KEY-----" "C:\MyRepo\MyModule.psm1:18:password = supersecret!!"</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Find-Secret</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>File</maml:name> <maml:description> <maml:para>This parameter should be used to scan single files.</maml:para> <maml:para>In some cases using the -Path parameter for single file scans alongside extension patterns behaves unexpected.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConfigPath</maml:name> <maml:description> <maml:para>Path to the config.json file. If you change this, make sure the format of the custom one is correct.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PSScriptRoot\config.json"</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Excludelist</maml:name> <maml:description> <maml:para>Path to exclude list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OutputPreference</maml:name> <maml:description> <maml:para>Set the stream to output data to, or output the Select-String object to create your own handling.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Output</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Warning</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Error</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Object</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Error</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Find-Secret</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Path</maml:name> <maml:description> <maml:para>The folders and files to scan. Folders are recursively scanned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PWD"</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConfigPath</maml:name> <maml:description> <maml:para>Path to the config.json file. If you change this, make sure the format of the custom one is correct.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PSScriptRoot\config.json"</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Excludelist</maml:name> <maml:description> <maml:para>Path to exclude list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Filetype</maml:name> <maml:description> <maml:para>Filetype(s) to scan. If this parameter is set we will only scan files of type in thes list. Use '*' to scan all filetypes. (This will even try to scan non clear text files, and may be slow.)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OutputPreference</maml:name> <maml:description> <maml:para>Set the stream to output data to, or output the Select-String object to create your own handling.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Output</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Warning</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Error</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Object</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Error</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Recursive</maml:name> <maml:description> <maml:para>This parameter can be set to $false to prevent recursive folder scans *NOTE: Since this is a bool, set it by using `-Recursive:$false`</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConfigPath</maml:name> <maml:description> <maml:para>Path to the config.json file. If you change this, make sure the format of the custom one is correct.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PSScriptRoot\config.json"</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Excludelist</maml:name> <maml:description> <maml:para>Path to exclude list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>File</maml:name> <maml:description> <maml:para>This parameter should be used to scan single files.</maml:para> <maml:para>In some cases using the -Path parameter for single file scans alongside extension patterns behaves unexpected.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Filetype</maml:name> <maml:description> <maml:para>Filetype(s) to scan. If this parameter is set we will only scan files of type in thes list. Use '*' to scan all filetypes. (This will even try to scan non clear text files, and may be slow.)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OutputPreference</maml:name> <maml:description> <maml:para>Set the stream to output data to, or output the Select-String object to create your own handling.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Error</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none"> <maml:name>Path</maml:name> <maml:description> <maml:para>The folders and files to scan. Folders are recursively scanned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>"$PWD"</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Recursive</maml:name> <maml:description> <maml:para>This parameter can be set to $false to prevent recursive folder scans *NOTE: Since this is a bool, set it by using `-Recursive:$false`</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Find-Secret</dev:code> <dev:remarks> <maml:para>This command will scan the current directory, $PWD, and all subfolders for secrets using the default config.json.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\, C:\MyBicepFiles\MyModule.bicep</dev:code> <dev:remarks> <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively and the C:\MyBicepFiles\MyModule.bicep for secrets using the default config.json.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 3 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -Recurse:$False</dev:code> <dev:remarks> <maml:para>This command will scan only the c:\MyPowerShellFiles\ directory for secrets using the default config.json. Any subfolders will be excluded from scan.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 4 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -OutputPrefence Output</dev:code> <dev:remarks> <maml:para>This command will scan the c:\MyPowerShellFiles\ directory for secrets using the default config.json. Output will be made to the default Output stream instead of Error.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 5 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -OutputPrefence Object</dev:code> <dev:remarks> <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively for secrets using the default config.json. Instead of outputting a string of the result to any stream, It will output a Select-String object that you can use in your own pipelines.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 6 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -Filetype 'bicep','.json'</dev:code> <dev:remarks> <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively for secrets using the default config.json. It will only scan files with the '.bicep' or '.json' extensions</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 7 --------------------------</maml:title> <dev:code>Find-Secret -Path c:\MyPowerShellFiles\ -Filetype '*'</dev:code> <dev:remarks> <maml:para>This command will scan the c:\MyPowerShellFiles\ directory recursively for secrets using the default config.json. It will try to scan all filetypes in this folder including non clear text. This might be very slow.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-PSSSConfig</command:name> <command:verb>New</command:verb> <command:noun>PSSSConfig</command:noun> <maml:description> <maml:para>Creates a new copy of the PSSecretScanner config.json file for custom configurations.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This function copies the current modules config.json to a path where you may customise it and include or exclude your own settings.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-PSSSConfig</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Path</maml:name> <maml:description> <maml:para>Path where the config.json will be copied to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Path</maml:name> <maml:description> <maml:para>Path where the config.json will be copied to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>New-PSSSConfig -Path C:\MyPWSHRepo\MyCystomSecretScannerConfig.json This command will copy the default config.json to C:\MyPWSHRepo\MyCystomSecretScannerConfig.json.</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Write-SecretStatus</command:name> <command:verb>Write</command:verb> <command:noun>SecretStatus</command:noun> <maml:description> <maml:para>This command is created to get a quick and easy way of having secrets found shown in your prompt function. You can use it side by side with posh-git (https://github.com/dahlbyk/posh-git), or as a stand alone function.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This command is created to get a quick and easy way of having secrets found shown in your prompt function. You can use it side by side with posh-git (https://github.com/dahlbyk/posh-git), or as a stand alone function.</maml:para> <maml:para>---</maml:para> <maml:para>To add output to your default prompt, create or edit your prompt function and add `Write-SecretStatus` where you want it to show.</maml:para> <maml:para>---</maml:para> <maml:para>To add this to your posh-git prompt add the following to your `$PROFILE` script after the `Import-Module posh-git` statement! $GitPromptSettings.DefaultPromptBeforeSuffix.Text = ' $(Write-SecretStatus)'</maml:para> <maml:para>You may also change the default white console output colour by running $GitPromptSettings.DefaultPromptBeforeSuffix.ForegroundColor = 'LightBlue' # or any other colour of choice..</maml:para> <maml:para>---</maml:para> <maml:para>You may also add this to your oh-my-posh thing, but I don't use it and have no idea how that works.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Write-SecretStatus</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples /> <command:relatedLinks /> </command:command> </helpItems> |