Detects secret leaks in the given payloads Service
- Service Overview
- Alerts: https://alerts.gitlab.net/#/alerts?filter=%7Btype%3D%22secret-detection%22%2C%20tier%3D%22sv%22%7D
- Label: gitlab-com/gl-infra/production~“Service::SecretDetection”
Logging
Summary
The Secret Detection Service is a stateless service that scans for secret leaks in the given payload. This service is currently used by the “Secret Push Protection” feature, managed by the Secure:Secret Detection team.
Service deployments are managed by Runway, and the service is privately accessible to the Rails monolith (via an internal load balancer).
The source code repository for the service is available here and the Runway deployment configuration is located here.
Architecture
The architecture document is available here.
Performance
Standalone benchmarks are available here.
Scalability
The Secret Detection service is deployed using Runway; its scaling is handled by Cloud Run and configured as part of the Runway deployment (doc).
Availability
Because the Secret Detection service is privately accessible only by the Rails monolith, it is deployed only in the regions where the Rails monolith is deployed. The service is therefore currently deployed only in the us-east1 region.
Security/Compliance
The service is stateless by nature and doesn’t log or store any customer-related data. The Application Security review issue is available here.
Monitoring/Alerting
The service is deployed using Runway, and Runway packs built-in observability, particularly a monitoring stack. Default Runway metrics for the service are available on the Runway Service Metrics dashboard.