Skip to content

Instantly share code, notes, and snippets.

@hsuh
Created January 20, 2017 12:26
Show Gist options
  • Save hsuh/88360eeadb0e8f7136c37fd46a62ee10 to your computer and use it in GitHub Desktop.
Save hsuh/88360eeadb0e8f7136c37fd46a62ee10 to your computer and use it in GitHub Desktop.
url - https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/
Finding hard-coded credentials in your code
Hopefully you’re excited about deploying credentials to EC2 that are automatically rotated. Now that you’re using Roles, a good security practice would be to go through your code and remove any references to AKID/Secret. We suggest running the following regular expressions against your code base:
Search for access key IDs: (?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9]). In English, this regular expression says: Find me 20-character, uppercase, alphanumeric strings that don’t have any uppercase, alphanumeric characters immediately before or after.
Search for secret access keys: (?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=]). In English, this regular expression says: Find me 40-character, base-64 strings that don’t have any base 64 characters immediately before or after.
If grep is your preferred tool, run a recursive, Perl-compatible search using the following commands:
grep -RP '(?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])' *
grep -RP '(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])' *
@gtbX
Copy link

gtbX commented Apr 10, 2024

egrep versions for grep implementations that don't support -P (i.e. macOS):

grep -re '[^A-Z0-9][A-Z0-9]{20}[^A-Z0-9]' *
grep -Re '[^A-Za-z0-9/+=][A-Za-z0-9/+=]{40}[^A-Za-z0-9/+=]' *

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment