From b470715f390e2e87dae000dfeda1001629235fc7 Mon Sep 17 00:00:00 2001 From: James Elford Date: Sat, 31 Mar 2018 09:10:37 +0100 Subject: AWS and GCP store credentials in local directories as part of project setup. Configuration for cloud providers is sensitive information; it should be in the default block list. I didn't see profiles for gcloud or awscli, so haven't added any exclusions. boto and kubectl are not provider-specific, but also store credentials for whichever platforms they happen to be being used with. --- etc/disable-common.inc | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'etc') diff --git a/etc/disable-common.inc b/etc/disable-common.inc index e5de0b61f..0f605b933 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc @@ -297,6 +297,13 @@ blacklist /etc/ssh blacklist /home/.ecryptfs blacklist /var/backup +# cloud provider configuration +blacklist ${HOME}/.aws +blacklist ${HOME}/.boto +blacklist /etc/boto.cfg +blacklist ${HOME}/.config/gcloud +blacklist ${HOME}/.kube + # system directories blacklist /sbin blacklist /usr/local/sbin -- cgit v1.2.3-70-g09d2
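Review bot: the five new entries under `# cloud provider configuration` come with no matching `noblacklist` in any profile, so every profile that includes `etc/disable-common.inc` loses access to these paths. The commit message says no gcloud or awscli profiles were found. It is still worth confirming that no existing profile wraps a program that reads `${HOME}/.aws`, `${HOME}/.boto`, `${HOME}/.config/gcloud` or `${HOME}/.kube`, and adding `noblacklist` to that profile in the same change if one does. The comment also undersells the block: per the commit message, boto and kubectl are not provider-specific and the concern is stored credentials, so something like `# cloud provider and cluster credentials` would tell a later reader why `${HOME}/.kube` is here. As a style point, `blacklist /etc/boto.cfg` is a system path sitting between `${HOME}` entries. Placing it first or last in the block would keep the per-user paths together.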