Skip to content

Oss 133 new detector vault approle auth for hashicorp #4362

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Aug 7, 2025
Merged

Oss 133 new detector vault approle auth for hashicorp #4362

merged 17 commits into from
Aug 7, 2025

Conversation

SyedAliHamad
Copy link
Contributor

@SyedAliHamad SyedAliHamad commented Aug 1, 2025
edited
Loading

Description:

This PR introduces a new detector for HashiCorp Vault AppRole authentication credentials.

Detection:
Keyword Filtering: scans for related keywords to identify relevant data chunks
Multi-Component Pattern Matching: Uses regex to find three required components:

  • role_id: hexadecimal UUID format
  • secret_id: hexadecimal UUID format
  • vault_url: HashiCorp Cloud URLs matching *.hashicorp.cloud pattern

all 3 components creates verifiable combination results

Deduplication: Ensures each unique credential combination is tested only once to prevent redundant API calls

Verification:
Validates credentials against Vault's /v1/auth/approle/login endpoint using detected URLs

200 OK: Credentials are valid and active
401/403: Invalid credentials or insufficient permissions
404 Not Found: AppRole auth method not enabled

Testing:
Pattern Tests: Comprehensive validation of formats, keyword detection, and URL pattern matching
Integration Tests: Live API verification with both active and inactive credentials

image

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@SyedAliHamad SyedAliHamad marked this pull request as ready for review August 4, 2025 09:05
@SyedAliHamad SyedAliHamad requested review from a team as code owners August 4, 2025 09:05
shahzadhaider1
shahzadhaider1 requested changes Aug 4, 2025
View reviewed changes
amanfcp
amanfcp requested changes Aug 4, 2025
View reviewed changes
amanfcp
amanfcp requested changes Aug 4, 2025
View reviewed changes
amanfcp and others added 8 commits August 4, 2025 16:03
@amanfcp
Merge branch 'main' into OSS-133-new-detector-vault-approle-auth-for-…
33f603e 
…hashicorp
@SyedAliHamad
Merge branch 'OSS-133-new-detector-vault-approle-auth-for-hashicorp' of
47225b6 
https://github.com/SyedAliHamad/trufflehog into OSS-133-new-detector-vault-approle-auth-for-hashicorp
@amanfcp
Merge branch 'main' into OSS-133-new-detector-vault-approle-auth-for-…
77f559b 
…hashicorp
@SyedAliHamad
Merge branch 'OSS-133-new-detector-vault-approle-auth-for-hashicorp' of
0430ce3 
https://github.com/SyedAliHamad/trufflehog into OSS-133-new-detector-vault-approle-auth-for-hashicorp
@SyedAliHamad
resolve comments and update test cases
611db14
@SyedAliHamad
Merge branch 'main' into OSS-133-new-detector-vault-approle-auth-for-…
24b5623 
…hashicorp
@SyedAliHamad
add indefinite response handling
45ecece
@SyedAliHamad
resolve comments
3c3aea8
amanfcp
amanfcp reviewed Aug 5, 2025
View reviewed changes
amanfcp
amanfcp approved these changes Aug 5, 2025
View reviewed changes
Copy link
Contributor

@amanfcp amanfcp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks @SyedAliHamad

@amanfcp
Copy link
Contributor

amanfcp commented Aug 6, 2025

@shahzadhaider1 can you please review this again?

shahzadhaider1
shahzadhaider1 approved these changes Aug 6, 2025
View reviewed changes
@amanfcp amanfcp merged commit d8658ce into trufflesecurity:main Aug 7, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amanfcp amanfcp amanfcp approved these changes

@shahzadhaider1 shahzadhaider1 shahzadhaider1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SyedAliHamad @amanfcp @shahzadhaider1