Weiyuan-Lane / detect-secrets-docker-cloudbuild


detect-secrets-docker-cloudbuild

This repository is a simple example of how to run detect-secrets-docker inside a Google Cloud Build pipeline, so that a push containing a secret fails the build.

The detect-secrets baseline files are already committed to the repository.

Using detect-secrets-docker, push the CI Docker image to your project's registry with the following command (replace `{GCP_PROJECT_ID}` with your project id):

```sh
docker push gcr.io/{GCP_PROJECT_ID}/detect-secrets-docker-ci:latest
```

cloudbuild.yaml

An example of passed and failed builds:

[Image: Cloud Build dashboard showing passed and failed builds]

Cloud Build uses either a Dockerfile, or a YAML file. You can use the provided cloudbuild.yaml file as-is, but feel free to amend it as necessary to suit your usage.

Note that the configuration consists of two steps. The first unshallows the repository: Cloud Build fetches a shallow clone (only the latest commit) for the build pipeline, so there is no parent commit to diff against. Fetching the full history is required so that the files changed in the push can be compared and scanned for secrets.

The second step runs the scan and fails the build if any secret is found.
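The two steps above, written out as a Cloud Build config. This is an added example and not the repository's own cloudbuild.yaml: the CI image name follows the push command earlier on this page, `$PROJECT_ID` is Cloud Build's built-in substitution, and the baseline path `.secrets.baseline`, the presence of `git` inside the CI image, and the use of `detect-secrets-hook` (the detect-secrets CLI entry point that exits non-zero and lists the offending lines when a file contains a secret not in the baseline) are assumptions.

```yaml
# Added example cloudbuild.yaml (not the repository's own file).
# Assumptions: the CI image contains git and the detect-secrets CLI,
# and the baseline is committed at .secrets.baseline.
steps:
  # Step 1: Cloud Build triggers check out a shallow clone (depth 1).
  # Fetch the full history so HEAD~1 exists and the push can be diffed.
  # Note: --unshallow errors on a repository that is already complete
  # (e.g. a manual `gcloud builds submit` source upload has no .git at all).
  - name: 'gcr.io/cloud-builders/git'
    args: ['fetch', '--unshallow']

  # Step 2: scan only the files changed by this push against the baseline.
  # Secrets already recorded in the baseline are ignored; anything new makes
  # detect-secrets-hook exit 1, which fails the build.
  - name: 'gcr.io/$PROJECT_ID/detect-secrets-docker-ci:latest'
    entrypoint: 'sh'
    args:
      - '-c'
      - |
        set -eu
        # Files changed in the latest commit; fall back to every tracked file
        # when there is no parent commit (first commit in the repository).
        if git rev-parse --verify HEAD~1 >/dev/null 2>&1; then
          git diff -z --name-only --diff-filter=AM HEAD~1 HEAD > /tmp/changed
        else
          git ls-files -z > /tmp/changed
        fi
        if [ ! -s /tmp/changed ]; then
          echo "no changed files to scan"
          exit 0
        fi
        xargs -0 detect-secrets-hook --baseline .secrets.baseline < /tmp/changed
```

Scanning only changed files keeps the step fast on large repositories; if you would rather scan everything on every build, replace the `git diff` with `git ls-files -z` unconditionally. The `--diff-filter=AM` skips deleted paths, which `detect-secrets-hook` cannot open.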


If a secret is found, you'll see something like the following, with a helpful message on the affected lines where the secrets are:

[Image: failed build log listing the files and lines containing secrets]


Remove the affected lines of code, or update your baseline files, and your builds should pass. Only add a finding to the baseline after auditing it as a false positive; a real secret that has already been pushed is in the git history regardless of whether the line is removed, so rotate it rather than baseline it.

[Image: successful build log after the secret was removed]
