https://github.com/tyler36/secretlint-demo

Demo of using SecretLint in CI workflow
https://github.com/tyler36/secretlint-demo

demo github-workflow gitlab-pipeline secrets security

Last synced: 4 months ago
JSON representation

Demo of using SecretLint in CI workflow

• Host: GitHub
• URL: https://github.com/tyler36/secretlint-demo
• Owner: tyler36
• Created: 2025-02-04T01:20:28.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2026-02-03T02:59:40.000Z (4 months ago)
• Last Synced: 2026-02-03T16:43:20.402Z (4 months ago)
• Topics: demo, github-workflow, gitlab-pipeline, secrets, security
• Homepage:
• Size: 117 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# SecretLint 

[![linting](https://github.com/tyler36/secretlint-demo/actions/workflows/secretlint.yml/badge.svg)](https://github.com/tyler36/secretlint-demo/actions/workflows/secretlint.yml)

[![Dependabot Updates](https://github.com/tyler36/secretlint-demo/actions/workflows/dependabot/dependabot-updates/badge.svg)](https://github.com/tyler36/secretlint-demo/actions/workflows/dependabot/dependabot-updates)

## Overview

Secretlint is a linting tool to prevent committing credentials.

Homepage: 

Playground: 

## Install

1. Install

```shell

npm install secretlint @secretlint/secretlint-rule-preset-recommend --save-dev

```

## Usage

### Docker

Check files in the current directory with Docker

```shell

docker run -v `pwd`:`pwd` -w `pwd` --rm -it secretlint/secretlint secretlint "**/*"

```

### With node installed

```shell

npx @secretlint/quick-start "**/*"

```

### NPM help

```json

  "scripts": {

    "lint:secrets": "secretlint **/*"

  },

```

## Use cases

### Hide secrets in files

One good usage is to find and mask secrets from your CLI history.

The following line scans your `.zsh_history` and replaces all secrets with a mask.

```shell

secretlint .zsh_history --format=mask-result --output=.zsh_history

```

### Ignoring

#### Ignoring lists

By default, secretlint ignores the following globs:

- `**/.git/**`,

- `**/node_modules/**`,

- `**/.secretlintrc/**`,

- `**/.secretlintrc.{json,yaml,yml,js}/**`,

- `**/.secretlintignore*/**`

Use `.secretlintignore` file with globs.

#### Ignoring with comments

[@secretlint/secretlint-rule-filter-comments](https://www.npmjs.com/package/@secretlint/secretlint-rule-filter-comments) supports using comment to disable/enable secretlint.

```php

secret='password' // secretlint-disable-line

// secretlint-disable-next-line

secret='password'

```

```php

// secretlint-disable

secret='password'

// secretlint-enable

```

## Configuration

Create a configuration file with the following line:

```shell

npx secretlint --init

```

Secretlint has a configuration file `.secretlintrc.{json,yml,js}`.

### Masking secrets

Use `--maskSecrets` to prevent secrets from displaying in logs and outputs.

### Locale

Use `--locale` with a valid language to translate messages. For example: `secretlint **/* --locale ja`