valayDave / tell-me-your-secrets

Find secrets on any machine from over 120 Different Signatures.
MIT License
47 stars 9 forks

Pre-commit hook #65

Open valayDave opened 1 year ago

valayDave commented 1 year ago

We can create a pre-commit hook for this project. It will be very useful to avoid leaking secrets at the time of code commits.

inverse commented 1 year ago

Sounds like a good idea!

inverse commented 1 year ago

Docs here: https://pre-commit.com/#new-hooks

Example: https://github.com/PyCQA/isort/blob/main/.pre-commit-hooks.yaml

valayDave commented 1 year ago

Here are a few more thoughts about how we will implement a pre-commit hook:

  1. Have a less verbose logging scheme and only show what is causing the issue.
  2. Can throw a nonzero exit code so pre-commit can fail when discovering secrets. We already support this.
  3. Have a way to dump the findings to JSON
  4. Can point out what is causing the pre-commit fail. For example, if we discover an AWS credential, it would be nice to show what file, pattern, and regex match is causing the issue. Related to #61
  5. The PC hook should also allow filtering signatures we need (which we already have) and specifying signatures we want to ignore (which we don't have).
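The five points listed above, as an added sketch that is not part of the thread and not tell-me-your-secrets' own code: a hook entry point that scans the staged files pre-commit passes as arguments, reports file, line, signature, and regex per finding, and exits nonzero. The signature names, the two regexes, the `--only`/`--ignore`/`--json` flags, and the match redaction are assumptions made for the illustration.

```python
import argparse
import json
import re
import sys

# Constructed signatures for illustration only; not the project's signature set.
SIGNATURES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-header": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

def redact(value, keep=4):
    """Keep a short prefix so the finding is identifiable without echoing the secret."""
    return value[:keep] + "*" * (len(value) - keep)

def scan_text(path, text, only=None, ignore=()):
    """Return one finding per match: file, line, signature name, regex, redacted match."""
    findings = []
    for name, pattern in SIGNATURES.items():
        if name in ignore or (only and name not in only):
            continue
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in pattern.finditer(line):
                findings.append({"file": path, "line": lineno, "signature": name,
                                 "regex": pattern.pattern, "match": redact(m.group(0))})
    return findings

def main(argv=None):
    parser = argparse.ArgumentParser(description="hypothetical secret-scanning hook")
    parser.add_argument("files", nargs="*")  # pre-commit passes staged paths here
    parser.add_argument("--only", action="append", default=[])
    parser.add_argument("--ignore", action="append", default=[])
    parser.add_argument("--json", action="store_true", help="dump findings as JSON")
    args = parser.parse_args(argv)
    findings = []
    for path in args.files:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings += scan_text(path, fh.read(), args.only, args.ignore)
        except OSError as exc:
            print(f"skipped {path}: {exc}", file=sys.stderr)
    if args.json:
        print(json.dumps(findings, indent=2))
    else:  # terse output: only what caused the failure
        for f in findings:
            print(f"{f['file']}:{f['line']}: {f['signature']} matched {f['match']}")
    return 1 if findings else 0  # nonzero exit makes pre-commit block the commit

if __name__ == "__main__":
    sys.exit(main())
```

The match is redacted because hook output commonly ends up in terminal scrollback and CI logs, where printing the full value would leak the secret a second time.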