
Managing Secrets Scanning in Netlify

This brief guide runs through the options for managing secrets scanning in Netlify. The scan runs at the end of the build step, before deployment, so a detected secret fails the build instead of shipping with it.

What is Secrets Scanning in Netlify?

When you create an environment variable in Netlify, you can mark it as a secret.

If a variable is marked secret, Netlify searches for its value in the project's source code and in any output produced by the build process, and fails the build if the value is found.

Managing the Secrets Scan

The scan is controlled through environment variables on the app itself; these let you define how (and whether) the scan runs.

Disable the Netlify Secrets Scan

To disable the scan entirely, create a new environment variable for the target app:

SECRETS_SCAN_ENABLED

Set the value to false to disable the scan (true leaves it enabled). Disabling the scan means a secret that reaches the build output is deployed without any warning, so prefer the narrower exclusions below wherever they are sufficient.

Excluding specific secrets from the scan

To exclude specific secrets from the secrets scan:

SECRETS_SCAN_OMIT_KEYS

Enter a comma-separated list of environment variable names (not their values) whose values should not be searched for. A value omitted here is never reported, so use this only for values that are genuinely safe to appear in the source or build output.

Exclude specific paths from the secrets scan

To exclude specific paths from the scan:

SECRETS_SCAN_OMIT_PATHS

Enter a comma-separated list of paths, relative to the project root, that should NOT be searched.

This is a useful feature to prevent scans of cache directories which are not part of the deployment package.
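As an added example (not Netlify's own code and not part of the original post), the following POSIX shell script approximates the scan locally so the same configuration can be exercised before pushing. It honours the three variables described above with the semantics given on this page. SECRET_KEYS is an assumption introduced here, since a local script cannot see which variables were flagged as secret in the Netlify UI, and the fixture values are constructed.

```sh
#!/bin/sh
# Local approximation of the Netlify secrets scan (added example, not Netlify's
# own code). Variables from this page keep their documented meaning; SECRET_KEYS
# is an assumption made here to name the variables that were marked secret.
#
#   SECRET_KEYS              comma-separated names of variables marked secret
#   SECRETS_SCAN_ENABLED     "false" skips the scan entirely
#   SECRETS_SCAN_OMIT_KEYS   comma-separated variable names whose values are not searched for
#   SECRETS_SCAN_OMIT_PATHS  comma-separated paths, relative to the scanned
#                            directory, whose contents are not searched

# omitted_path REL: succeeds when REL equals, or lies under, an entry of
# SECRETS_SCAN_OMIT_PATHS.
omitted_path() {
  rel=$1
  old_ifs=$IFS
  IFS=','
  for p in $SECRETS_SCAN_OMIT_PATHS; do
    p=${p%/}                      # tolerate a trailing slash
    [ -n "$p" ] || continue
    case $rel in
      "$p" | "$p"/*) IFS=$old_ifs; return 0 ;;
    esac
  done
  IFS=$old_ifs
  return 1
}

# scan_for_secrets DIR: returns 0 when no secret value is present under DIR
# (or the scan is disabled); returns 1 and lists the offending files otherwise.
scan_for_secrets() {
  dir=${1%/}
  if [ "${SECRETS_SCAN_ENABLED:-true}" = "false" ]; then
    printf 'secrets scan disabled (SECRETS_SCAN_ENABLED=false)\n' >&2
    return 0
  fi
  found=0
  for key in $(printf '%s' "$SECRET_KEYS" | tr ',' ' '); do
    # Accept only plain identifier names before the eval below.
    case $key in
      *[!A-Za-z0-9_]* | [0-9]*) printf 'skipping invalid name: %s\n' "$key" >&2; continue ;;
    esac
    # SECRETS_SCAN_OMIT_KEYS: this variable's value is never searched for.
    case ",$SECRETS_SCAN_OMIT_KEYS," in
      *",$key,"*) printf 'omitting %s\n' "$key" >&2; continue ;;
    esac
    value=$(eval "printf '%s' \"\${$key}\"")
    [ -n "$value" ] || continue
    # Fixed-string search of every file, then drop hits under omitted paths.
    hits=$(grep -rlF -- "$value" "$dir" 2>/dev/null | while IFS= read -r f; do
      rel=${f#"$dir"/}
      omitted_path "$rel" || printf '%s\n' "$rel"
    done)
    if [ -n "$hits" ]; then
      printf 'secret %s found in:\n%s\n' "$key" "$hits" >&2
      found=1
    fi
  done
  return $found
}

# Usage (after a local build, from the project root so both source and
# build output are covered):
#   SECRET_KEYS='API_TOKEN' SECRETS_SCAN_OMIT_PATHS='.cache,node_modules' \
#     sh scan.sh && echo clean
```

Searching from the project root mirrors what the page describes: both the checked-in source and the build output are covered, while anything under SECRETS_SCAN_OMIT_PATHS (cache directories, for instance) is skipped. Because the search is a fixed-string match on the raw value, it will not notice an encoded or split copy of a secret, which is also a limitation to keep in mind for any scanner of this kind.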

Published in Netlify