NASA-PDS / software-issues-repo

Issue tracking repository as a centralized entry point for general PDS software bugs and feature requests.
Apache License 2.0

As a user, I want to ensure no passwords/secrets are committed to a PDS repo #54

Closed jordanpadams closed 6 months ago

jordanpadams commented 1 year ago

🧑‍🔬 User Persona(s)

Manager / IT Security

💪 Motivation

...so that I can ensure access remains secure to our repos

📖 Additional Details

⚖️ Acceptance Criteria

Given a repository under NASA-PDS with the secrets detection enabled
When I perform an update to the repo to include some username/password
Then I expect the secrets detection to catch this upon push to the repo

⚙️ Engineering Details

jordanpadams commented 6 months ago

All sub-tasks complete

tloubrieu-jpl commented 3 months ago

@gxtchen this should be tested with a java repository (validate) and a python repository (doi-service).

Follow the developer instructions, for example https://github.com/NASA-PDS/validate?tab=readme-ov-file#pre-commit-hooks-and-detect-secrets

Then add a password in a configuration file.

Create a branch, commit the change and push it to github.

The commit should not be pushed to GitHub; there should be some kind of warning before that.

gxtchen commented 2 months ago

@tloubrieu-jpl I am not sure what to modify for testing. I tried adding qwfjgrir#dodood to src/site/site.xml and I am getting this:

```
[INFO] This may take a few minutes...
Google Java Formatter................................(no files to check)Skipped
Detect secrets...........................................................Passed
Google Java Formatter................................(no files to check)Skipped
Detect secrets...........................................................Passed
Google Java Formatter................................(no files to check)Skipped
Detect secrets...........................................................Passed
[i_n_t_test 39938bd0] test
```

nutjob4life commented 2 months ago

Rather than a password (which may not have enough entropy to pass the detection threshold), I would try a personal or made-up email address.

gxtchen commented 2 months ago

@nutjob4life thank you, got the error message.
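The entropy point raised above is why the made-up password in this thread sailed through the hook. As an added illustration (not code from this thread, from detect-secrets or from any PDS repository), the following simplified Python reimplementation of an entropy-based check scores quoted strings the way detect-secrets' high-entropy plugins are assumed to (hex limit 3.0, base64 limit 4.5) and scans a constructed config file containing the thread's test value beside two made-up credentials.

```python
import math
import re
from collections import Counter

# Character sets and thresholds assumed here to mirror detect-secrets'
# default HexHighEntropyString (3.0) and Base64HighEntropyString (4.5)
# plugins; confirm against the version your pre-commit hook installs.
HEX_CHARS = "0123456789abcdefABCDEF"
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_LIMIT = 3.0
BASE64_LIMIT = 4.5

def shannon_entropy(data: str, charset: str) -> float:
    """Bits per character, counting only characters that belong to charset."""
    counts = Counter(ch for ch in data if ch in charset)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((n / total) * math.log2(n / total) for n in counts.values())

def find_high_entropy_strings(line: str) -> list[tuple[str, str, float]]:
    """Return (kind, token, entropy) for quoted tokens above their threshold."""
    hits = []
    for match in re.finditer(r'["\']([^"\']+)["\']', line):
        token = match.group(1)
        # Pure hex gets the lower limit; anything else is scored as base64.
        if all(ch in HEX_CHARS for ch in token):
            kind, charset, limit = "hex", HEX_CHARS, HEX_LIMIT
        else:
            kind, charset, limit = "base64", BASE64_CHARS, BASE64_LIMIT
        entropy = round(shannon_entropy(token, charset), 2)
        if entropy > limit:
            hits.append((kind, token, entropy))
    return hits

def scan(text: str) -> dict[int, list[tuple[str, str, float]]]:
    """Map 1-based line numbers to the high-entropy strings found on them."""
    return {n: hits for n, line in enumerate(text.splitlines(), start=1)
            if (hits := find_high_entropy_strings(line))}

# Constructed sample: the low-entropy value tried in this thread beside two made-up credentials.
SAMPLE_CONFIG = """\
password = "qwfjgrir#dodood"
api_key = "0123456789abcdef0123456789abcdef"
api_token = "A1b2C3d4E5f6G7h8I9j0KlMnOpQrStUv"
"""

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_CONFIG).items():
        print(f"line {n}: {hits}")
```

Running it reports lines 2 and 3 only; the thread's `qwfjgrir#dodood` scores well under the base64 limit, which is the behaviour observed with the real hook.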