Write global ignore rules
Vault Radar ignore rules allow you to ignore certain events based on a set of rules. You can create ignore rules for a path, file, or secret type. Rules can be applied across all data sources or to specific data sources.
All ignore rules support regular expressions (regex). This allows you to add regex to match multiple types of events in a single ignore rule.
Ignore rule behavior
When an ignore rule is added, Vault Radar will still generate an event when sensitive data is found during a scan. Any event that matches an ignore rule will have:
- Severity set to INFO.
- An Ignore rule flag added.
- State set to Not important.
Set global ignore rules
Select Settings/Global Ignore Rules.
Enter the Ignore rules as YAML and update.
Types of global ignore rules you can write:
Updated ignore rules do not change existing events; they take effect on events from future scans. The next time you run a reconciliation scan, on-demand scan, PR webhook scan, or similar, the events will change based on the updated ignore rules.
Path ignore rules
Path-based ignore rules allow you to ignore entire paths, such as a directory used for documentation, or specific files within a resource.
Example path ignore rule
Ignore all files in a directory.
Ignore specific files in a directory.
Secret ignore rules
Secret ignore rules allow you to ignore specific secret values that may be used in a data source, such as an example password used in documentation or as help within the application.
Example secret ignore rule
Secret type ignore rules
Secret type ignore rules allow you to ignore built-in event rules that may be expected in a data source.
The secret type value must be entered in all lower case. For a full list of all event types, refer to the Event rules in the Settings section of the HCP Portal.
Note
Event types in the HCP Portal are in the format of "Platform type of secret". When
used for a global ignore rule, convert to all lower case and replace any spaces
with underscores (_).
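The following is an added example, not HashiCorp's code and not Vault Radar's rule syntax: a local dry-run that models the documented behavior (matching events are kept but downgraded) and the lower-case/underscore conversion, so a regex can be checked for over-matching before it is saved. The event field names, the sample events, the "Acme Cloud" secret type, and the use of Python's re.search for path matching are assumptions; the page does not state how Vault Radar anchors a regex.

```python
import re

def normalize_secret_type(portal_name):
    """Convert a portal event type to rule form: lower case, spaces -> underscores."""
    return re.sub(r"\s+", "_", portal_name.strip().lower())

def apply_ignore_rules(events, path_rules=(), secret_type_rules=()):
    """Return copies of events; those matching a rule are kept but downgraded.

    Field names (severity, ignored, state) are hypothetical stand-ins for
    "Severity set to INFO", "Ignore rule flag", and "State set to Not important".
    """
    path_res = [re.compile(p) for p in path_rules]
    type_res = [re.compile(t) for t in secret_type_rules]
    out = []
    for ev in events:
        ev = dict(ev)  # do not mutate the caller's event
        secret_type = normalize_secret_type(ev["type"])
        # Assumption: path regexes are unanchored unless the rule anchors them.
        hit = (any(r.search(ev["path"]) for r in path_res)
               or any(r.fullmatch(secret_type) for r in type_res))
        if hit:
            ev.update(severity="INFO", ignored=True, state="Not important")
        out.append(ev)
    return out

def downgraded_paths(events, **rules):
    """Paths of events an ignore rule set would downgrade."""
    return [e["path"] for e in apply_ignore_rules(events, **rules) if e.get("ignored")]

# Constructed sample events; "Acme Cloud access key" is a made-up event type.
SAMPLE_EVENTS = [
    {"path": "docs/setup.md", "type": "Acme Cloud access key", "severity": "HIGH"},
    {"path": "src/docs/prod.env", "type": "Acme Cloud access key", "severity": "HIGH"},
    {"path": "src/app/config.py", "type": "Acme Cloud password", "severity": "HIGH"},
]

if __name__ == "__main__":
    # A loose pattern also downgrades a finding outside the documentation tree.
    print("docs/   ->", downgraded_paths(SAMPLE_EVENTS, path_rules=["docs/"]))
    # Anchoring limits the rule to the top-level docs directory.
    print("^docs/  ->", downgraded_paths(SAMPLE_EVENTS, path_rules=["^docs/"]))
    print("by type ->", downgraded_paths(
        SAMPLE_EVENTS, secret_type_rules=["acme_cloud_password"]))
```

Under these assumptions the unanchored docs/ pattern also downgrades src/docs/prod.env, which is the kind of over-match worth catching before the rule reaches future scans.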
Example secret type ignore rule
Resource ignore rules
Resource ignore rules allow you to configure one or more ignore rules on a specific resource, such as a repository, instead of on all resources. For example, you could configure ignore rules on honey pot repositories or documentation repositories that may generate a high level of unimportant alerts, without ignoring those events on other repositories.
Example resource ignore rule