Git module to prevent from committing sensitive information into the repository.
git-seekret inspect on commits and/or staged (and uncommited yet) files, to
prevent adding sensitive information into the git repository. It can be easily
integrated with git hooks, forcing it to analise all staged files before they are
included into a commit.
It's important to have the following tools and libraries to make it work properly:
- glide
- pkg-config
- golang >= 1.6
- libgit >= 2.24
git-seekret uses Glide to maintain its dependencies.
Follow the instructions for installing Glide: https://github.com/Masterminds/glide#install
glide install go build
This builds a binary git-seekret. Currently, there is no cross platform way to install git-seekret (e.g. Install via Brew for OS X). To make the binary widely available to the user, you need to copy it to the system's bin folder.
cp ./git-seekret /usr/local/bin
General Options:
NAME:
git-seekret - prevent from committing sensitive information into git repository
USAGE:
git-seekret [global options] command [command options] [arguments...]
VERSION:
0.0.1
AUTHOR(S):
Albert Puigsech Galicia <albert@puigsech.com>
COMMANDS:
config manage configuration seetings
rules manage rules
check inspect git repository
hook manage git hooks
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--global
--help, -h show help
--version, -v print the version
--global
The definition of rules and exceptions for git-seekret are defined by the `seekret go library. Proper documentation for this library can be found here:
https://github.com/apuigsech/seekret
Once you download the secrets, you will need to set your SEEKRET_RULES_PATH environment variable to point to the location of the rules.
This is needed because by default, the seekret library will look for the rules in $GOPATH/src/github.com/apuigsech/seekret/rules.
The repository seekret-secrets is prepare to test ``git-seekret`, and can be used to perform the following hands-on examples:
$ git clone https://github.com/apuigsech/seekret-secrets
$ cd seekret-secrets
$ git seekret config --init
Config:
version = 1
rulespath = /Users/apuigsech/Develop//.go/src/github.com/apuigsech/seekret/rules
rulesenabled =
exceptionsfile =
$ git seekret rules
List of rules:
[ ] aws.secret_key
[ ] aws.access_key
[ ] certs.rsa
[ ] certs.generic
[ ] certs.pgp
[ ] password.pass
[ ] password.cred
[ ] password.password
[ ] password.pwd
[ ] unix.passwd
$ git seekret rules --enable password.password
List of rules:
[ ] aws.secret_key
[ ] aws.access_key
[ ] certs.generic
[ ] certs.pgp
[ ] certs.rsa
[x] password.password
[ ] password.pwd
[ ] password.pass
[ ] password.cred
[ ] unix.passwd
$ git seekret check -c 1 # Check on last commit.
Found Secrets: 9
secret_6:2
- Metadata:
commit: 442d574a5e233d9cec7d245f7c85177cd1a827e4
uniq-id: e4ac21ceef17fff49d2f0d1fdd46f0abe7d0f62c
- Rule:
password.password
- Content:
password = 's3cr3t'
secret_8:5
- Metadata:
uniq-id: 373978394eb25268890ebee17966024300f3997b
commit: 442d574a5e233d9cec7d245f7c85177cd1a827e4
- Rule:
password.password
- Content:
password = 'thisISnotSECRET'
...
$ git seekret check -s # Check on staged files.
Found Secrets: 0
$ echo "password = 'this is super secret'" > new_file
$ git add new_file
$ git seekret check -s
Found Secrets: 1
new_file:1
- Metadata:
status: test
- Rule:
password.password
- Content:
password = 'this is super secret'