Pluggable linting tool to prevent commit secret/credential file.
Latest commit 37e3dfb Feb 20, 2020



Secretlint is a pluggable linting tool to prevent committing secret/credential files.

Purpose

  • Scan files and report any that contain a secret
  • Prevent committing credential files
  • Pluggable architecture

Motivation

Installation and Usage

Prerequisites: Secretlint is written in JavaScript. It requires Node.js 10+.

You can install Secretlint using npm:

npm install secretlint @secretlint/secretlint-rule-preset-recommend --save-dev

You should then set up a configuration file:

npx secretlint --init

After that, you can run Secretlint on any file or directory like this:

npx secretlint "**/*"

📝 Secretlint supports glob patterns; a glob pattern should be wrapped in double quotes so that the shell does not expand it.

It is also possible to install Secretlint globally using npm install --global, but we do not recommend it: some rules may break when installed globally.

Configuration

Secretlint has a configuration file .secretlintrc.{json,yml,js}.

After running secretlint --init, you'll have a .secretlintrc.json file in your directory.

In it, you'll see some rules configured like this:

{
  "rules": [
    {
      "id": "@secretlint/secretlint-rule-preset-recommend"
    }
  ]
}

The id property is the name of the Secretlint rule package.

Secretlint has no built-in rules. To add a rule, install its package and add the rule to the .secretlintrc file.

Each rule has the same configuration pattern:

  • options: Option definition for the rule. For details, see each rule's documentation.
  • disabled: If disabled is true, the rule is not run.

For example, @secretlint/secretlint-rule-example has an allows option, but here the rule is disabled:

{
  "rules": [
    {
      "id": "@secretlint/secretlint-rule-example",
      "options": {
        "allows": [
          "/dummy_secret/i"
        ]
      },
      "disabled": true
    }
  ]
}
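As an added illustration (not Secretlint's own code), the following JavaScript sketches how a configuration in this shape is interpreted: rules with disabled set to true are skipped, and matches covered by an allows pattern such as "/dummy_secret/i" are suppressed. The detection regex, the second rule id and the helper names are hypothetical; only the config shape and the allows syntax come from this README.

```javascript
// Added example, not Secretlint's own implementation. Rule ids other than
// @secretlint/secretlint-rule-example, the regexes and helper names are hypothetical.

// Constructed config in the README's shape (one active rule, one disabled).
const config = {
  rules: [
    { id: "@secretlint/secretlint-rule-example",
      options: { allows: ["/dummy_secret/i"] } },
    { id: "@secretlint/secretlint-rule-disabled-example", disabled: true }
  ]
};

// Hypothetical rule bodies keyed by rule id; a real rule is a separate npm package.
const ruleImplementations = {
  "@secretlint/secretlint-rule-example":
    /(?:api[_-]?key|secret)\s*[:=]\s*["']?([A-Za-z0-9_-]{8,})/gi,
  "@secretlint/secretlint-rule-disabled-example": /password\s*=/gi
};

// Turn "/pattern/flags" strings from options.allows into RegExp objects.
function parseAllows(allows = []) {
  return allows.map((s) => {
    const m = /^\/(.*)\/([a-z]*)$/.exec(s);
    return m ? new RegExp(m[1], m[2]) : new RegExp(s);
  });
}

// Lint one file's text with the configured rules, honouring disabled and allows.
function lint(text, cfg) {
  const results = [];
  for (const rule of cfg.rules) {
    if (rule.disabled) continue;                       // disabled rules never run
    const pattern = ruleImplementations[rule.id];
    if (!pattern) continue;                            // rule package not installed
    const allows = parseAllows(rule.options && rule.options.allows);
    text.split("\n").forEach((line, i) => {
      for (const match of line.matchAll(pattern)) {
        if (allows.some((re) => re.test(match[0]))) continue; // allow-listed value
        results.push({ ruleId: rule.id, line: i + 1, matched: match[0] });
      }
    });
  }
  return results;
}

// Constructed sample input: one key-like value, one allow-listed dummy value,
// and one line that only the disabled rule would have flagged.
const sampleFile = [
  'API_KEY = "AKIAEXAMPLE1234567890"',
  'SECRET = "dummy_secret_value"',
  'password = hunter2'
].join("\n");

function lintSample() { return lint(sampleFile, config); }
```

Running lintSample() reports only line 1; the dummy value on line 2 is suppressed by the allows pattern and line 3 is ignored because its rule is disabled.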

Rule Packages

Secretlint rules are implemented as separate modules.

Secretlint also provides rule presets, which package a set of rules together.

Integration

Pre-commit Hook

You can use Secretlint with a pre-commit tool. Linting with Secretlint at that point prevents secret data from being committed.

Husky + lint-staged

Install Husky and lint-staged:

npm install husky lint-staged --save-dev

Edit package.json:

{
  // ...
  "husky": {
    "hooks": {
      "pre-commit": "lint-staged"
    }
  },
  "lint-staged": {
    "*": [
      "secretlint"
    ]
  }
}

This means that each staged file is checked by Secretlint before the commit is made.

Architecture

Opt-in instead of Opt-out

Secretlint adopts an opt-in approach.

In our experience, linting tools that report many errors by default are difficult to adopt. An opt-in approach lets you introduce Secretlint incrementally.

A documentation per a Rule

We think of a rule as documentation.

Each rule should have reasonable documentation.

  • How?

Why Node.js?

  • Package Manager
    • A package manager is required to realize a flexible pluggable system
    • Node.js has npm and yarn as package managers
    • A package manager helps users install custom plugins/rules
  • Existing Reference Implementations
    • Node.js already has pluggable linting tools like ESLint, textlint, stylelint, etc.
    • So Node.js users are familiar with pluggable linting tools
    • Previously, I created textlint with the same approach, so I am familiar with Node.js

If you are interested in Docker support, please see Docker support · Issue #7

Changelog

See Releases page.

Running tests

Install devDependencies and run npm test:

yarn test

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

See also CONTRIBUTING.md and CODE_OF_CONDUCT.md

Author

License

MIT © azu
