I can no longer build as I get failures due to the new (afaik) secret scanning feature. I checked and they are false positives. The build log said to look here, Enhanced security with Secrets Controller | Netlify Docs, which documented setting SECRETS_SCAN_ENABLED to false.
I did so, did a new build, and it didn’t work.
Looking closely in the build log, I saw that there, it mentioned SECRETS_SCAN_SMART_DETECTION_ENABLED, which is different. So I added it, set to false, and I still can’t bypass the scan.
For folks who may run into this, I still think we have a documentation issue, but, if you use false, not FALSE, it works. (I could remove one key and test again, but it’s Friday and past 5 and my build went through, so I’m satisfied.)
Err… ok… but I guess I’m confused then. I got the error in the build, and it did mention SECRETS_SCAN_SMART_DETECTION_ENABLED, but in the doc it linked to, I first saw SECRETS_SCAN_ENABLED. Don’t you think it’s possible for folks to get confused? Heck, I can’t tell what the difference is. Can you explain it?
Great question! I can understand why that would be confusing. This week, we rolled out a new feature, Smart Secret Scanning:
The docs you linked refer to enabling / disabling secret scanning manually. However, the docs Hrishikesh linked refer specifically to smart detection, which now occurs by default unless opted out. Since you’d like to opt out of smart detection, the environment variable you’re looking for is SECRETS_SCAN_SMART_DETECTION_ENABLED.