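/**
 * Sensitive Data Detection Module
 *
 * Detects potentially sensitive data (API keys, secrets, passwords, tokens)
 * in CloudFormation resources BEFORE they are sent to the CDK Insights backend.
 *
 * When detected:
 * 1. Do NOT send the resource to the backend for AI analysis
 * 2. Create a CRITICAL finding displayed at the TOP of output
 * 3. Cause the CLI to exit with an error code (unless --warn-sensitive)
 * 4. Static analysis still runs on the resource (only the AI step is skipped)
 * 5. Recommend secure alternatives (Secrets Manager, SSM Parameter Store)
 *
 * This file only declares the public surface; the matching rules and the
 * defaults applied when `options` is omitted live in the implementation.
 */
import type { CloudFormationResource, Issue } from '../../types/analysis.types';
import type {
  SensitiveDataDetectionOptions,
  SensitiveDataDetectionResult,
  SensitiveDataFinding,
  SensitiveDataSummary,
} from './types';

/**
 * Detect sensitive data in a single CloudFormation resource.
 *
 * Per the module contract this runs before the resource is sent to the
 * backend, so callers are expected to gate the upload on the returned result.
 *
 * NOTE(review): an empty result means "nothing matched the detector's rules",
 * not proof that the resource holds no secrets; the rules are not visible here.
 *
 * @param resource - The CloudFormation resource to scan
 * @param resourceId - The logical ID of the resource
 * @param options - Detection options; behaviour when omitted is defined by the implementation
 * @returns Detection result with any findings
 */
export declare const detectSensitiveData: (
  resource: CloudFormationResource,
  resourceId: string,
  options?: SensitiveDataDetectionOptions,
) => SensitiveDataDetectionResult;

/**
 * Create an Issue from a single sensitive data finding.
 *
 * NOTE(review): findings are displayed in CLI output, so confirm in the
 * implementation that the Issue names the offending property without echoing
 * the detected value itself.
 *
 * @param resourceId - The logical ID of the resource the finding belongs to
 * @param resourceType - The type of that resource
 * @param finding - The finding to convert
 * @param stackName - Optional name of the stack containing the resource
 * @returns The Issue describing the finding
 */
export declare const createSensitiveDataIssue: (
  resourceId: string,
  resourceType: string,
  finding: SensitiveDataFinding,
  stackName?: string,
) => Issue;

/**
 * Create a consolidated Issue for all sensitive data findings in a resource.
 * This creates ONE issue per resource, listing all sensitive properties.
 *
 * @param result - Detection result for one resource; presumably carries the
 *   resource identity, since none is passed separately (confirm against './types')
 * @param stackName - Optional name of the stack containing the resource
 * @returns A single Issue covering every finding in `result`
 */
export declare const createConsolidatedSensitiveDataIssue: (
  result: SensitiveDataDetectionResult,
  stackName?: string,
) => Issue;

/**
 * Scan multiple resources and return a summary.
 *
 * The original declaration had a bare `Record`, which does not compile because
 * `Record` requires two type arguments; they are restored here.
 * NOTE(review): the key is presumably the logical resource ID that
 * `detectSensitiveData` receives as `resourceId`; confirm against the implementation.
 *
 * @param resources - The resources to scan
 * @param options - Detection options applied to the scan
 * @returns Summary of the sensitive data found across the resources
 */
export declare const scanResourcesForSensitiveData: (
  resources: Record<string, CloudFormationResource>,
  options?: SensitiveDataDetectionOptions,
) => SensitiveDataSummary;

/**
 * Redact sensitive data from a resource for safe output.
 * Returns a deep copy with sensitive values replaced by [REDACTED].
 *
 * NOTE(review): redaction takes the detection `result` as input, so presumably
 * only values the detector flagged are replaced; anything it did not flag
 * would remain in the copy. Verify before treating the output as safe to log
 * or transmit.
 *
 * @param resource - The resource to copy and redact
 * @param result - Detection result identifying what to redact
 * @returns A redacted deep copy of `resource`
 */
export declare const redactSensitiveResource: (
  resource: CloudFormationResource,
  result: SensitiveDataDetectionResult,
) => CloudFormationResource;

export type {
  SensitiveDataDetectionOptions,
  SensitiveDataDetectionResult,
  SensitiveDataFinding,
  SensitiveDataSummary,
} from './types';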