This is most likely a false positive. but are you committing your website into Git? I'd recommend against that and instead rely on a backup process for the website itself. The source code and website should remain separate for all kinds of reasons.

Hi Everyone,

I came across a discussion regarding the editAuthenticationSystem in the extensions-bundle.js file, particularly in relation to the Generic High Entropy Secret issue. I understand that Will Strohl have suggested marking it as a false positive, but I would like to clarify its actual use within the DNN framework.

Could someone explain the purpose of editAuthenticationSystem? Additionally, if we were to consider removing it from our repository, how will it impact DNN?

Thank you for your insights!

The key "editAuthenticationSystem" in the extensions-bundle.js and .js.map files is part of the DNN Persona Bar JavaScript code, and it is not a secret token or credential. It’s simply a client-side UI action key used for routing or permission checks in the DNN admin interface.

GitGuardian and similar tools can often return false positives when scanning minified JavaScript bundles because they look for patterns like "token" or keys that look like credentials (e.g., "editAuthenticationSystem") without understanding their context.

This is not an actual secret — it's just a UI permission key in a JavaScript file. You can safely mark it as a false positive in GitGuardian and ensure your CI process is configured to avoid flagging frontend bundle files incorrectly.

Also, please avoid modifying the DNN source code at all costs...  It seems easy, fast and innocent now - but you'll be stuck not able to upgrade in the future (or it will become too expensive to upgrade). 

Hi Will Strohl

Thank you for your helpful suggestions regarding the Git Guardian secret token issue. I appreciate your insights and guidance on this matter.