Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[enhancement] Allow setting DETECT_SECRETS_SECURITY_TEAM via a command-line argument #436

Open
ExplodingCabbage opened this issue Mar 22, 2021 · 1 comment
Labels
enhancement The issue is related to improving a certain aspect of the project. triaged The issue has been reviewed but has not been solved yet.

Comments

@ExplodingCabbage
Copy link

In #283, @0atman added the DETECT_SECRETS_SECURITY_TEAM environment variable. Trouble is, it's hard to set environment variables via pre-commit (and pre-commit is one of the officially suggested ways of running detect-secrets, per the README). As far as I've been able to find, pre-commit has no support at all for configuring environment variables in pre-commit.yaml, and you have to resort to a hack like overriding the hook's entry in pre-commit.yaml to be something like

env DETECT_SECRETS_SECURITY_TEAM='in #infosec' detect-secrets-hook

which is a bit ugly and more importantly isn't a trivial workaround to come up with - you need to have at least a little bit of knowledge of how pre-commit works to even know that entry: is a thing and that it's possible to override it, and then you need to look into this repo to discover that the default entry is the detect-secrets-hook executable, and you need to have sufficient unix knowledge to know that you can use env to run another program with added environment variables.

It'd probably be easier for people to use this feature if there were also a --security-team command-line argument that could be used instead, rather than setting an environment variable being the only way.

@0atman
Copy link
Contributor

0atman commented Mar 22, 2021

Yeah, we were wrapping pre-commit in our own python script, setting the env there. We've since stopped using our custom wrapper and gone back to vanilla pre-commit, so we'd have the same annoyances as you have outlined.

@lorenzodb1 lorenzodb1 added the pending The issue still needs to be reviewed by one of the maintainers. label Jun 15, 2022
@lorenzodb1 lorenzodb1 added triaged The issue has been reviewed but has not been solved yet. enhancement The issue is related to improving a certain aspect of the project. and removed pending The issue still needs to be reviewed by one of the maintainers. labels May 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement The issue is related to improving a certain aspect of the project. triaged The issue has been reviewed but has not been solved yet.
Projects
None yet
Development

No branches or pull requests

3 participants