Can't build due to secret scanning

I can no longer build as I get failures due to the new (afaik) secret scanning feature. I checked and they are false positives. The build log said to look here, Enhanced security with Secrets Controller | Netlify Docs, which documented setting SECRETS_SCAN_ENABLED to false.

I did so, did a new build, and it didn’t work.

Looking closely in the build log, I saw that there, it mentioned SECRETS_SCAN_SMART_DETECTION_ENABLED, which is different. So I added it, set to false, and I still can’t bypass the scan.

What now?

For folks who may run into this, I still think we have a documentation issue, but, if you use false, not FALSE, it works. (I could remove one key and test again, but it’s Friday and past 5 and my build went through, so I’m satisfied.)

Docs are here: Secret scanning | Netlify Docs

Um, yes, I linked there, right? Did you see my note about how the error in the build log shows a different value than the docs?

Did you scroll down? I linked you to the correct header, you are looking in a different section.

Err… ok… but I guess I’m confused then. I got the error in the build, and it did mention SECRETS_SCAN_SMART_DETECTION_ENABLED, but the doc it linked to, I first saw SECRETS_SCAN_ENABLED. Don’t you think it’s possible for folks to get confused? Heck, I can’t tell what the difference is. Can you explain it?

Great question! I can understand why that would be confusing. This week, we rolled out a new feature, Smart Secret Scanning:

The docs you linked refer to enabling / disabling secret scanning manually. However, the docs Hrishikesh linked refer specifically to smart detection, which now occurs by default unless opted out. Since you’d like to opt out of smart detection, the environment variable you’re looking for is SECRETS_SCAN_SMART_DETECTION_ENABLED.

Let me know if you need further clarity on that!