The External Secrets Inc. Audit & Compliance product suite is a premium product.
It requires a specific subscription. Contact us for more information.
Cross Provider Duplication
This policy example checks whether a given secret is duplicated across two providers.
The result is non-compliant if the secret is duplicated between two providers; duplicates that live in the same provider as the secret itself are allowed.
Policy Execution Time
This policy example should be executed on Result events.
Default Deny, Allow Case-by-Case Policy Code
package main

import rego.v1

# Default deny: a Result event is non-compliant unless one of the allow rules below matches.
default allow := false

# Allow if the secret has no duplicates at all.
# Note: Rego has no `len` builtin; `count` is the correct function for sets, arrays and objects.
allow if {
    count(input.Duplicates) == 0
}

# Allow if every duplicate is stored in the same provider as the secret itself.
# The set comprehension collects the indices of duplicates whose Provider matches;
# the rule holds only when that set is as large as the whole Duplicates array.
allow if {
    provider_id := input.ProviderId
    count({x | input.Duplicates[x]; same_provider(input.Duplicates[x], provider_id)}) == count(input.Duplicates)
}

# True when a duplicate entry's Provider equals the provider of the secret being evaluated.
same_provider(key, base) if {
    key.Provider == base
}