Create custom risk types
You can define a custom risk type that the CLI will recognize. It can be a secret (for example an API token), PII (personal identifying information), or NIL (non-inclusive language).
File format
A custom risk type is defined in a YAML file.
Example
The following file detects a GitLab PAT (personal access token):
Field descriptions
| Field | Description |
|---|---|
| value | Regular expression that matches the risk. Vault Radar supports Go-style regular expressions as well as PCRE. |
| type | Unique identifier for the risk type. There are no restrictions on the value, but the best practice is to use only lower-case letters and underscores. |
| category | Risk category. Must be one of secret, pii, or nil. |
| description | Human-friendly description of the risk type. |
| precedence | Internal to Vault Radar; use strong_pattern for all custom risk types. |
Location
The CLI loads .yaml files from the $HOME/.hashicorp/vault-radar/custom_patterns folder.
Examples
Here are examples of custom risk definitions.
Non-Inclusive Language:
PII:
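To show how the file format, the field rules in the table and the load location fit together, here is an added Python example that is not part of this page or of Vault Radar itself. It assumes each .yaml file is a flat mapping of the five documented fields (value, type, category, description, precedence), validates a definition the way the table describes (category limited to secret/pii/nil, precedence fixed to strong_pattern, value must compile), and then runs three constructed definitions (one per category) over a few constructed text lines. The regular expressions, the type names and the sample token are assumptions written for this example, not patterns shipped with Vault Radar; they are kept to syntax that is valid in Go-style regex and PCRE alike, even though the scan here uses Python's re module.

```python
"""Load custom risk type definitions and scan text with them (added example)."""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List

REQUIRED_FIELDS = ("value", "type", "category", "description", "precedence")
VALID_CATEGORIES = {"secret", "pii", "nil"}
# Documented folder the CLI reads .yaml files from.
DEFAULT_DIR = Path.home() / ".hashicorp" / "vault-radar" / "custom_patterns"


@dataclass
class RiskType:
    value: str        # regular expression that matches the risk
    type: str         # unique identifier
    category: str     # secret | pii | nil
    description: str  # human-friendly description
    precedence: str   # always strong_pattern for custom types


def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Minimal parser for a flat 'key: value' mapping (assumed file layout).

    Splits on the first colon only, so a regex in 'value' may contain colons.
    """
    fields: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, val = line.partition(":")
        if not sep:
            raise ValueError(f"expected 'key: value', got {raw!r}")
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]  # drop surrounding quotes
        fields[key.strip()] = val
    return fields


def load_risk_type(text: str) -> RiskType:
    """Validate one definition against the documented field rules."""
    f = parse_flat_yaml(text)
    missing = [k for k in REQUIRED_FIELDS if k not in f]
    if missing:
        raise ValueError(f"missing field(s): {', '.join(missing)}")
    if f["category"] not in VALID_CATEGORIES:
        raise ValueError(f"category must be one of {sorted(VALID_CATEGORIES)}")
    if f["precedence"] != "strong_pattern":
        raise ValueError("precedence must be strong_pattern for custom risk types")
    try:
        re.compile(f["value"])
    except re.error as exc:
        raise ValueError(f"invalid regular expression in 'value': {exc}") from exc
    return RiskType(**{k: f[k] for k in REQUIRED_FIELDS})


def load_directory(folder: Path = DEFAULT_DIR) -> List[RiskType]:
    """Load every .yaml file in the folder, mirroring where the CLI looks."""
    return [load_risk_type(p.read_text()) for p in sorted(folder.glob("*.yaml"))]


def scan(text: str, risk_types: List[RiskType]) -> List[dict]:
    """Return every match of every risk type, ordered by position in the text."""
    findings = []
    for rt in risk_types:
        for m in re.finditer(rt.value, text):
            findings.append({"type": rt.type, "category": rt.category,
                             "line": text.count("\n", 0, m.start()) + 1,
                             "offset": m.start(), "match": m.group(0)})
    return sorted(findings, key=lambda f: f["offset"])


# Constructed definitions; the regexes are assumptions for this example only.
GITLAB_PAT_YAML = """value: glpat-[A-Za-z0-9_-]{20}
type: gitlab_pat
category: secret
description: GitLab personal access token
precedence: strong_pattern
"""
NIL_YAML = r"""value: \b(whitelist|blacklist)\b
type: non_inclusive_term
category: nil
description: Exclusionary terminology; prefer allowlist/denylist
precedence: strong_pattern
"""
SSN_YAML = r"""value: \b\d{3}-\d{2}-\d{4}\b
type: us_ssn
category: pii
description: US social security number
precedence: strong_pattern
"""
# Constructed input lines; the token value is a placeholder, not a real credential.
SAMPLE_TEXT = "\n".join([
    "export GITLAB_TOKEN=glpat-" + "x" * 20,
    "# add the build host to the whitelist",
    "customer_ssn: 123-45-6789",
    "nothing of interest on this line",
])


def demo() -> List[dict]:
    risk_types = [load_risk_type(y) for y in (GITLAB_PAT_YAML, NIL_YAML, SSN_YAML)]
    return scan(SAMPLE_TEXT, risk_types)


if __name__ == "__main__":
    for f in demo():
        print(f"line {f['line']}: {f['category']}/{f['type']} -> {f['match']}")
```

Running the script prints one finding per category, one on each of the first three sample lines. Swapping the category of a definition to anything outside secret/pii/nil, or omitting precedence, makes load_risk_type raise before any scanning happens, which is the behaviour you want from a pre-commit check on the custom_patterns folder.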