{"id":23435550,"url":"https://github.com/customcommander/git-secrets-examples","last_synced_at":"2025-04-09T17:33:48.928Z","repository":{"id":73818506,"uuid":"269195543","full_name":"customcommander/git-secrets-examples","owner":"customcommander","description":"Examples on how to use git-secrets from AWSLabs to find secrets in your Git repository","archived":false,"fork":false,"pushed_at":"2020-06-03T21:29:59.000Z","size":6,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-15T10:29:59.192Z","etag":null,"topics":["examples","git","secrets-detection"],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/customcommander.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-03T21:11:42.000Z","updated_at":"2021-07-19T14:47:18.000Z","dependencies_parsed_at":"2023-03-10T10:02:03.352Z","dependency_job_id":null,"html_url":"https://github.com/customcommander/git-secrets-examples","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/customcommander%2Fgit-secrets-examples","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/customcommander%2Fgit-secrets-examples/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/customcommander%2Fgit-secrets-examples/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/customcommander%2Fgit-secrets-examples/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/customcommander","download_url":"https://codeload.github.com/customcommander/git-secrets-examples/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248077720,"owners_count":21044011,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["examples","git","secrets-detection"],"created_at":"2024-12-23T12:51:51.261Z","updated_at":"2025-04-09T17:33:48.609Z","avatar_url":"https://github.com/customcommander.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# git-secrets examples\n\nVarious examples on how to use [git-secrets][gs-repo] to detect secrets in your current source tree and your history.\n\nThis is the canonical source for this post of mine:\u003cbr\u003e\nhttps://softwarerecs.stackexchange.com/q/74761/67727\n\n## Try This Yourself\n\nAll the _How Tos_ below have been verified against a reproducible Dockerised environment.\n\nClone this repository and simply execute `./run.sh` (assuming you have Docker installed on your machine).\n\nThe Docker container has `git-secrets` installed in addition to a few Git repositories to experiment with.\n\n## How Tos\n\n### How To Install?\n\nFetch the latest release, unzip it and build it with Make.\nThe `git-secrets` binary should now be in your PATH. e.g.,\n\n```sh\ncurl -L -o /tmp/git-secrets.zip https://github.com/awslabs/git-secrets/archive/1.3.0.zip\ncd /tmp\nunzip git-secrets.zip\ncd git-secrets-1.3.0\nmake install\n```\n\nYou're not done yet! It now must be installed as a Git hook in each Git repository you would like to inspect. e.g.,\n\n```sh\ncd /path/to/repo\ngit-secrets --install\n```\n\n_From now on the following How Tos will assume that `git-secrets` is in your PATH and that the Git hook has been installed_\n\n### How To Find Secrets In A Git Repository?\n\nWe'll be looking for the following patterns:\n\n- token\n- username\n- password\n\nWe want to know which files match these patterns in the current source tree and across the entire Git history.\n\nTo demonstrate the capabilities of `git-secrets` will add the first pattern from the CLI:\n\n```sh\n# at the root of the repo\ngit secrets --add token\n```\n\nThe two other patterns will be loaded from a file `/var/forbidden-patterns.txt`:\n\n```txt\nusername\npassword\n```\n\n```sh\n# at the root of the repo\ngit secrets --add-provider -- cat /var/forbidden-patterns.txt\n```\n\nNow let's add the following files to our Git repo:\n\nFirst `secrets-1.txt`:\n\n```\nusername=abc\npassword=123\n```\n\n```sh\n# at the root of your repo\ngit add secrets-1.txt\ngit commit -m \"add secrets-1.txt\"\n# please note that we're now removing the file!\ngit rm secrets-1.txt\ngit commit -m \"remove secrets-1.txt\"\n```\n\nThen `secrets-2.txt`:\n\n```\ntoken=123456789\n```\n\n```sh\n# at the root of your repo\ngit add secrets-2.txt\ngit commit -m \"add secrets-2.txt\"\n```\n\nNow let's scan the current source tree:\n\n```sh\n# at the root of your repo\ngit secrets --scan\n```\n\nWhich outputs:\n\n```txt\nsecrets-2.txt:1:token=123456789\n```\n\nIt hasn't found `secrets-1.txt` because that file has been deleted. However we also want to make sure we're not exposing secrets in the Git history. Let's do that:\n\n```sh\ngit secrets --scan-history\n```\n\nWhich outputs:\n\n```txt\nc5e7f9887ed95f7d3aeb4ed011a8235e238b9ed1:secrets-2.txt:1:token=123456789\nc0082ddbb0e2b14499808b376e133a6fbb5799cc:secrets-1.txt:1:username=abc\nc0082ddbb0e2b14499808b376e133a6fbb5799cc:secrets-1.txt:2:password=123\n```\n\nWe now can see in which commits a secret has been found.\n\n\n\n\n\n[gs-repo]: https://github.com/awslabs/git-secrets","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcustomcommander%2Fgit-secrets-examples","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcustomcommander%2Fgit-secrets-examples","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcustomcommander%2Fgit-secrets-examples/lists"}