Open alexbielen opened 6 years ago
git-secrets currently allows for an outside script (a provider) to produce a list of patterns. That script will be run in the context of the repository being checked.
Your desired behavior here could be accomplished by creating a simple provider script that runs trufflehog on the repo (or just the changes) and filters the output to produce just the list of new high entropy strings.
git-secrets would then match those strings and report a violation.
Rough concept provider script:

```bash
#!/usr/bin/env bash
trufflehog filesystem --json . | FILTER
```

where `FILTER` could use some combination of grep, jq, etc to extract the problematic string.
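As an added illustration (not code from git-secrets, truffleHog or anyone in this thread), here is a self-contained provider that does the entropy check itself instead of shelling out to trufflehog, so there is no JSON filter to maintain. The 20-character minimum and the 4.5 (base64) / 3.0 (hex) bit thresholds are borrowed from the classic truffleHog heuristic; the file name below and the sample inputs are constructed. Register it with `git secrets --add-provider -- /path/to/entropy_provider.py`, and it will print one escaped `grep -E` pattern per high-entropy string found in the tracked files.

```python
#!/usr/bin/env python3
"""Constructed git-secrets provider: print one grep -E pattern per high-entropy string.
Thresholds follow the classic truffleHog heuristic (assumed): runs longer than 20 chars
with Shannon entropy > 4.5 (base64 alphabet) or > 3.0 (hex alphabet)."""
import math
import re
import subprocess
import sys

MIN_LEN = 20
# (alphabet, regex for a run drawn from it, entropy threshold in bits per character)
CHARSETS = (
    ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
     re.compile(r"[A-Za-z0-9+/=]+"), 4.5),
    ("0123456789abcdefABCDEF", re.compile(r"[0-9a-fA-F]+"), 3.0),
)
ERE_META = set(r"\.^$*+?()[]{}|")  # escaped so git-secrets matches the string literally

def shannon_entropy(data: str, alphabet: str) -> float:
    """Shannon entropy of data in bits per character, counting symbols of alphabet."""
    if not data:
        return 0.0
    probs = [data.count(ch) / len(data) for ch in set(alphabet)]
    return -sum(p * math.log2(p) for p in probs if p > 0)

def high_entropy_strings(text: str) -> list:
    """Distinct high-entropy runs in text, in order of first appearance."""
    found = []
    for token in text.split():
        for alphabet, run_re, threshold in CHARSETS:
            for run in run_re.findall(token):
                if (len(run) > MIN_LEN and run not in found
                        and shannon_entropy(run, alphabet) > threshold):
                    found.append(run)
    return found

def to_ere_pattern(s: str) -> str:
    """Escape ERE metacharacters; git-secrets hands provider output to grep -E."""
    return "".join("\\" + c if c in ERE_META else c for c in s)

def main() -> None:
    # Scan the paths given as arguments, or every tracked file when git-secrets runs
    # us with no arguments inside the repository being checked.
    paths = sys.argv[1:] or subprocess.run(
        ["git", "ls-files", "-z"], capture_output=True, check=True
    ).stdout.decode().split("\0")
    for path in filter(None, paths):
        with open(path, errors="replace") as fh:
            for secret in high_entropy_strings(fh.read()):
                print(to_ere_pattern(secret))

if __name__ == "__main__":
    main()
```

Expect false positives from 40-hex git commit ids, test vectors and minified assets, which clear the hex threshold just as they did in truffleHog; tune the thresholds or allowlist known strings with `git secrets --add --allowed`.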
It would be useful to have this tool look for high-entropy strings as well. Generally good for detecting cryptographic secrets.
There is some "prior art" here with tools like https://github.com/dxa4481/truffleHog