Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/elitewise/secrets-flagger

Git Hook that scans files to ensure they don't contain credentials
https://github.com/elitewise/secrets-flagger

git-hooks husky husky-hooks

Last synced: about 1 month ago
JSON representation

Git Hook that scans files to ensure they don't contain credentials

Host: GitHub
URL: https://github.com/elitewise/secrets-flagger
Owner: EliteWise
Created: 2023-10-20T13:14:05.000Z (about 1 year ago)
Default Branch: master
Last Pushed: 2024-06-17T13:35:51.000Z (7 months ago)
Last Synced: 2024-06-17T15:10:17.091Z (7 months ago)
Topics: git-hooks, husky, husky-hooks
Language: Shell
Homepage:
Size: 10.7 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Secrets Flagger Script

### Overview
This script scans files added, copied, or modified in the git index to ensure they don't contain any sensitive patterns that might expose credentials, keys, or other sensitive information. It's designed to be used as a preventative measure, potentially in a git pre-commit hook, to prevent accidental exposure of secrets.

### Patterns Checked
The script checks for the following patterns by default:

- AWS Access Key IDs
- Bearer tokens
- 32 or 64-character hex strings (commonly used as API keys)
- Private Keys (both generic and PGP)
- Database connection strings (MongoDB, PostgreSQL, MySQL)
- Stripe live keys
- Password fields
- Slack tokens
- SendGrid tokens

### Usage
Ensure the script is executable:
```bash
chmod +x flagger.sh
```

Run the script in your repository:
```bash
./flagger.sh
```

If any pattern is detected in the files, a warning will be displayed on the console.

### Integration with Git Hooks
To use this script as a git pre-commit hook:

1. Copy the script to `.git/hooks/pre-commit` (or in `.husky/pre-commit`) in your repository.

2. Ensure the script is executable: `chmod +x .git/hooks/pre-commit` (or `chmod +x .husky/pre-commit`)

3. When committing files, the script will automatically run. If a sensitive pattern is detected, the commit will be aborted.

### Notes
For performance reasons, if there are numerous files and patterns, it might take some time. Future enhancements might involve optimizing this aspect.

The script currently only checks files added, copied, or modified in the git index. Files that are untracked or unchanged won't be inspected.