What is the current behavior?
When using detect-secrets in a repository containing yaml with PGP armor'ed multiline message blocks, each individual line underneath BEGIN PGP MESSAGE is reported as a Base64 High Entropy String.
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem
What is the expected behavior?
I would think either multiline encrypted PGP Messages should be parsed and automatically permitted, or I should be able to exclude the entire block.
What is the motivation / use case for changing the behavior?
Permit multiline YAML PGP secrets without excluding the entire file, or without each line being considered a secret.
I'm submitting a ...
What is the current behavior? When using detect-secrets in a repository containing yaml with PGP armor'ed multiline message blocks, each individual line underneath
BEGIN PGP MESSAGE
is reported as a Base64 High Entropy String.If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem
somefile.yaml:
# pragma: nextline secret
does not seem sufficient for overriding this.Here are a few different exclude regexes I have tried in my
.pre-commit-config.yaml
without success:What is the expected behavior? I would think either multiline encrypted PGP Messages should be parsed and automatically permitted, or I should be able to exclude the entire block.
What is the motivation / use case for changing the behavior? Permit multiline YAML PGP secrets without excluding the entire file, or without each line being considered a secret.
Please tell us about your environment:
Other information