Safedotenv is a tool that checks whether your code leaks any .env variables that were left in the code for testing purposes.
Scanning the LLVM source code (8 million lines of code) takes around 1 second on an Intel i7-10510U with an NVMe drive. However, there is still room for improvement.
Install safedotenv-git from the AUR
yay -S safedotenv-git
Or build from source
git clone git@github.com:gbaranski/safedotenv.git
cd safedotenv
cargo build --release
./target/release/safedotenv
Basic usage: scanning the current directory recursively, assuming .env is present in the current directory
safedotenv
Scanning the current directory, but with the .env file somewhere else
safedotenv --env-file somedir/.env
Scanning a specific directory, but with the .env file somewhere else
safedotenv --env-file somedir/.env ~/some/safe/dir
Scanning a specific directory, but with the .env file somewhere else, ignoring the REFRESH_TOKEN and ACCESS_TOKEN variables from .env
safedotenv --env-file somedir/.env --ignore-env REFRESH_TOKEN ACCESS_TOKEN ~/some/safe/dir
- Open the .git/hooks/pre-commit file (create it if it does not exist)
- Add this code
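#!/bin/bash
# Scan the repository root; the path is quoted so directories with spaces work.
# Any output (stdout or stderr) is treated as a finding.
out=$(safedotenv --quiet "$(git rev-parse --show-toplevel)" 2>&1)
if [[ -n $out ]]; then
    echo -e "${out}"
    echo
    echo "Safedotenv prevented you from possibly committing unsafe code, to ignore that, use"
    echo "    git commit --no-verify"
    exit 1
fi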
- Make the file executable
chmod +x .git/hooks/pre-commit
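The hook above scans the working tree, so it also reports files that are not part of the commit and never sees a staged copy that differs from the file on disk. The variant below is an added example, not part of the safedotenv project: it exports the index to a temporary directory and scans that, using only the --quiet and --env-file options shown above. The SAFEDOTENV override variable and the .env file at the repository root are assumptions.

```shell
#!/bin/sh
# Added example: pre-commit hook that scans the staged snapshot only.
# Assumptions: .env sits at the repository root; SAFEDOTENV may name an
# alternative scanner command (defaults to safedotenv).

scan_staged() (
    # $1 = repository root. The body is a subshell, so cd/exit stay local.
    root=$1
    cd "$root" || exit 2
    tmp=$(mktemp -d) || exit 2

    # Export the index (exactly what will be committed) into the temp dir.
    # Inside a hook git sets GIT_INDEX_FILE, so partial commits are honoured.
    git checkout-index --all --prefix="$tmp/" || { rm -rf "$tmp"; exit 2; }

    # Same convention as the hook above: in --quiet mode any output is a
    # finding. The exit status is ignored on purpose (|| true).
    out=$("${SAFEDOTENV:-safedotenv}" --quiet --env-file "$root/.env" "$tmp" 2>&1) || true
    rm -rf "$tmp"

    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        exit 1
    fi
    exit 0
)

# Act as the hook only when installed as .git/hooks/pre-commit.
case "$0" in
    */pre-commit|pre-commit)
        if ! scan_staged "$(git rev-parse --show-toplevel)"; then
            echo
            echo "Staged content was rejected by the scan, to ignore that, use"
            echo "    git commit --no-verify"
            exit 1
        fi
        ;;
esac
```

Paths in the report point into the temporary directory; the part after its prefix is the path inside the repository.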