feat: prevent secrets from leaking to source control #1373
Conversation
|
I do not yet understand the userstory / use case behind this. Can you describe your motivation @lirantal? |
|
Hi @DanielRuf , the context is outside of this website, I'm not sure whether you receive an invitation link cc: @lirantal ? |
|
I did a first try, I already deliver my outcome. We are testing this deeply. |
Not that I am aware of. Did I miss something? |
|
@DanielRuf this is related to the conversation we had on Twitter DM with regards to the open source security program. Let's continue chatting for more context. Do you feel this PR description, as-is, still misses on context? What else should I add? |
There was a problem hiding this comment.
I tested this deeply, under the following environments:
- Windows, no Docker, no Python.
- Mac, Docker and Python installed
- Mac Docker shutdown but installed and Python installed (it should fails)
- Mac Only Python installed.
Thanks @lirantal for this, it is gonna be a nice addition.
|
🤖This thread has been automatically locked 🔒 since there has not been any recent activity after it was closed. |
Type:
Feature
The following has been addressed in the PR:
Description:
Adds support through
detect-secretswhich wraps Yelp's generic detect-secrets tool, to test for secrets being committed to source control using the pre-commit framework the project already has, and as a result prevent secrets like passwords, tokens and others to leak into source control.The
detect-secretsnpm package will try different methods of invoking thedetect-secrets-hooktool to run the secrets test for each file, and if it isn't able to find it will silently fail to not interrupt developer workflow. In a future re-visit of this capability we can update this to be a breaking change and fail the commit (or perhaps fail the CI, which might be a bit late, but better than never).