Skip to content

halprin/git-secrets

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
git_secrets
git_secrets
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
deploy.sh
deploy.sh
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 
tox.ini
tox.ini
 
 

Repository files navigation

git-secret

Git without secrets

Prerequisites

Python 3 is required. Python 2 is not supported.

Second, Python 3's bin directory needs to be in your PATH environment variable. For example, if you are using the python.org install on macOS, you will need to add the following to your ~/.profile.

PATH="/Library/Frameworks/Python.framework/Versions/3.*/bin:${PATH}"

Installation

git-secrets is located on PyPI.

To install, run the following.

$ pip3 install qpp-git-secrets

sudo may be needed if your Python 3 installation is in a protected directory. This will put the command the bin directory of your Python 3 installation.

To update git-secrets to the latest version, run the following.

$ pip3 install --upgrade qpp-git-secrets

Again, sudo may be required.

Usage

Currently, git-secrets only checks the added lines of staged files. AKA, only the added lines that are about to be committed will be checked.

Installing the Pre-commit Hook

Run the following when the PWD is in the repository you want to add a pre-commit hook...

$ git secrets install

If there exists a pre-commit.d directory, this will add a bash script into that directory. If that directory doesn't exist, the pre-commit bash script will be created directly. If the pre-commit script already exists, git-secrets will exit with an error since it chooses to not remove the previous pre-commit script.

Manually scanning

If you want to manually scan a repository, you can run the following while your PWD is in the repository...

$ git secrets scan

Secrets are then scanned.

Specifying Secrets

There are two locations that git-secrets checks for secret specifications. The secrets from the two locations are merged together.

  1. A .gitsecrets file in the top level directory of the repository.
  2. ~/.gitsecrets.

Each line in these files should contain a regular expression. The regular expression syntax is based off what the Python 3 re module supports.

Example Secrets

TINs that don't start with 000 or 999 or don't have 00 for the middle number group.

(\D|^)(?!000)(?!999)\d{3}\s(?!00)\d{2}\s\d{4}(\D|$)
(\D|^)(?!000)(?!999)\d{3}-(?!00)\d{2}-\d{4}(\D|$)
(\D|^)(?!000)(?!999)\d{3}(?!00)\d{2}\d{4}(\D|$)

Development

I accept PRs! Check out the issues.

About

Git without secrets

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 3

1.1.1 Latest
Dec 5, 2018
+ 2 releases

Packages

No packages published

Languages