Using git-secrets(https://github.com/awslabs/git-secrets). It is currently used used to scan the git repositories for secrets. However, the base installation overrides preexisting git hooks and has no default patterns to scan for. Here we are extending git-secrets to automatically setup to a predetermined specification (set here in this repository) and allow for use in other git hook modules e.g. pre-git.
- Getting Git Secrets
- Adding Git Secrets to your project
- Setting up to scan
- Scanning for secrets
- Adding patterns, allowed patterns and allowed literals
-
Install Git Secrets.
brew install git-secrets
-
In your project's repository, add the following commands to your
Makefile, customizing them as needed.scanner: ## Initialize git secrets in the scanner folder git clone git@github.com:redbadger/secrets-scanner.git scanner @echo "" @echo "*************************************************************" @echo "* Follow the instructions to get added to the setup the scanner:" @echo "* https://github.com/redbadger/secrets-scanner/blob/master/README.md" @echo "*************************************************************" @echo "" @read -p "Press any key to continue." setup-scanner: scanner ## Setup git secrets with stored configuration @cd scanner && git pull @cd scanner && $(MAKE) full-setup scan-secrets: scanner ## Scan for secrets @git secrets --scan
-
Add the folder
scannerto your.gitignore.
-
In your project's repository, clone this repository
make scanner
-
Begin the setup, this will alter .git/config on your repository
make setup-scanner
-
In your project's repository, you can simple scan as needed
make scan-secrets
-
You can also add this to your git hooks to scan pre-commit (recommended)
Please add a line to the appropriate file:
- patterns - for patterns to search for
- allowed - patterns to ignore
- literals - literal strings to ignore
OR to add project based (which will not be stored here) follow instructions on https://github.com/awslabs/git-secrets