Skip to content

Latest commit

 

History

History
28 lines (18 loc) · 1 KB

.pre-commit-README.md

File metadata and controls

28 lines (18 loc) · 1 KB
Raw

Pre-Commit-Hook

The defined pre-commit-hook prevents committing passwords to the repository. In case a password is detected git commit fails.

Install pre-commit

  1. Install pre-commit-hook tool $ pip install pre-commit
  2. Install detect-secrets $ pip install detect-secrets

Enable secret-scanning pre-commit hook

  1. Update pre-commit-hook $ pre-commit autoupdate
  2. Enable defined pre-commit-hook $ pre-commit install

On repository initialization of pre-commit hook with detect-secrets

If no .secrets.baseline is present, simply generate it:

  1. $ detect-secrets scan --disable-plugin KeywordDetector --disable-plugin AWSKeyDetector > .secrets.baseline
  2. Use Notepad++ or IntelliJ-Editor to convert .secrets.baseline to UTF-8

Add false-positives or force adding secrets

  1. $ detect-secrets scan --baseline .secrets.baseline
  2. If secrets are identified, add them to .secrets.baseline manually For more details see: https://github.com/Yelp/detect-secrets#adding-secrets-to-baseline