S3 Secret Keys not detected

[iFrozenPhoenix]

Version

3.82.6

Trace Output

NOT APPLICABLE

Expected Behavior

S3 Secret Keys that are defined in a JSON file as a KV pair S3_SECRET_KEY: verysecret are recognized. The corresponding S3_ACCESS_KEY pairs are recognized.

Actual Behavior

S3 access keys are recognized, S3 secret keys not.

Steps to Reproduce

1. Take a test JSON file with both KV pairs
2. Place the JSON in a S3 Bucket
3. Scan the bucket (without any special flags)
4. See that S3_ACCESS_KEY is recognized and S3_SECRET_KEY not

Environment

• OS: debian
• Version testing (Rolling)

Additional Context

{
  "env": {
    "S3_ACCESS_KEY": "i-have-an-access-key",
    "S3_SECRET_KEY": "and-a-secret-key"
  }
}

References

• #0000

[dustin-decker]

Are you expecting the sample that you provided to be detected? That wouldn't match the pattern required.

[iFrozenPhoenix]

Yes indeed I expect it to be detected. The access key is detected in such a file, but the secret key not.
Can't understand the reason behind it.

[dustin-decker]

Are you trying to detect actual keys? Or placeholders like you provided?

[iFrozenPhoenix]

Actual keys. To be more specific the keys are in the given format within a cloudformation config.

[ankushgoel27]

i think its not displayng the detected secret key. use --json option and it will display the secret key in rawv2