feat: automated secrets check for the repository

2026-02-08 21:34:25 +00:00 · 2023-11-19 21:02:21 +01:00
parent 807eb358ce
commit 15f17b28e4
6 changed files with 23 additions and 0 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -24,6 +24,10 @@ repos:
      - id: check-yaml
        args:
          - --allow-multiple-documents
+  - repo: https://github.com/sirwart/ripsecrets
+    rev: v0.1.7
+    hooks:
+      - id: ripsecrets
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.33.0
    hooks:
--- a/.secretsignore
+++ b/.secretsignore
@@ -0,0 +1,6 @@
+[secrets]
+PASSWORD
+s.WVDAitOTTTfcjlklwk8AADDs
+90E08830BC1AAD225E657AD4FBE638B3D8E50C9E
+5FA04ABEBFBC5089E50EDEB43198B4895BCA2136
+7710BA0643CC022B92544181FF2EAC2A290CDC0E
--- a/base/detect-secrets.placeholder
+++ b/base/detect-secrets.placeholder
@@ -0,0 +1,3 @@
+https://github.com/Yelp/detect-secrets
+
+alternatives: gitleaks, ripsecrets, trufflehog
--- a/base/gitleaks.placeholder
+++ b/base/gitleaks.placeholder
@@ -0,0 +1,4 @@
+https://gitleaks.io/
+https://github.com/gitleaks/gitleaks
+
+alternatives: detect-secrets, ripsecrets, trufflehog
--- a/base/ripsecrets.placeholder
+++ b/base/ripsecrets.placeholder
@@ -0,0 +1,3 @@
+https://github.com/sirwart/ripsecrets
+
+alternatives: detect-secrets, gitleaks, trufflehog
--- a/base/trufflehog.placeholder
+++ b/base/trufflehog.placeholder
@@ -0,0 +1,3 @@
+https://github.com/trufflesecurity/trufflehog
+
+alternatives: detect-secrets, gitleaks, ripsecrets