Cross: Implement Secret Detection as a Git Commit Hook

[guypritchard]

AS A Developer I WANT TO ensure that secrets are not committed to a public repo under any circumstances SO THAT we can avoid resources being exposed through their access keys if they were to be committed in PRs or commit history for those PRs.

• [x] Commit git configuration for all a 'test' repo which will run tooling to detect whether secrets are found within a commit.
• [x] Update documentation to indicate any setup requirements and ideally a script to make it easy.
• [ ] Share the approach with the team before committing.
• [x] Adding steps to script

[guypritchard]

We're proposing the use of a means of setting up a git commit hook Which in turn relies on a tool called detect-secrets: https://github.com/yelp/detect-secrets

We may wish to fork the pre-commit-hooks) so that the script remains unchanged and not modified in an unexpected way for any reason.

[shelabd]

Adele and Guy to discuss

[guypritchard]

I've got a PR out for an approach we can replicate in other repos. If we're all happy with that approach, we can scale that out.

[martinkearn]

@guypritchard ... I appreciate you are away, but can you point to the PR mentioned above when you get the chance? I'll do what I can to help it close in the sprint.

[guypritchard]

https://github.com/buerokratt/CentOps/pull/17 is the PR - if people are happy with this, we can replicate this in other repos. We could do that replication in another task, perhaps?