Site name: eager-almeida-2deb1e
DNS name: https://rcbuilder-test.dpenwood.com/
After years of successful builds, Netlify is suddenly failing, claiming it has found two exposed API keys in my code. One of them is a false positive; the other is, in fact, an exposed API key.
So I have two issues.
First issue
I remediated the problem with the exposed key; I updated the config file containing keys to use process.env and pull in the REACT_APP environment variable. I also ensured that .env is no longer checked into GitHub and no longer tracked.
Yet every time I do a deploy, it still fails, showing the same build directory/file each time: build/static/js/3354.981294f4.chunk.js
No matter what I change, update, upload, etc. it fails with the same secrets error. It’s as if it’s not cleaning up the pre-existing build directory. I’ve instructed it to clear cache, etc.
Second issue
I have a false positive. I know I can set an environment variable to tell Netlify not to scan for exposed keys. However, that is a valuable service, and I’d rather find a way to instruct it to skip the false positive. Is there a way to do this without turning off the scan completely?
Thank you!