Add a pre-commit check for secrets
Is your feature request related to a specific problem?
We want to avoid accidentally committing secrets to the repo
Describe the solution you’d like
Add a pre-commit task that scans for secrets. We should additionally leverage the noxfile
to verify that developers have this enabled.
Describe alternatives you’ve considered, if any
Not sure what other options we have besides pre-commits here, or what might be better
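The noxfile verification the issue asks for, as an added example rather than the project's own noxfile: a session that fails unless `.git/hooks/pre-commit` exists, is executable, and was written by the pre-commit framework. It assumes the repository root is the directory containing `noxfile.py`, that hooks are installed with `pre-commit install` (whose generated script embeds the pre-commit.com URL in a header comment), and uses nox's `session.error`/`session.log` API; the `hook_problem` and `hook_status` names are this example's own.

```python
"""Nox session that fails unless the developer has installed the pre-commit hook.

Added example for this issue; it is not the project's noxfile. It assumes the
repository root is the directory holding noxfile.py and that hooks are managed
by the pre-commit framework (https://pre-commit.com).
"""
from __future__ import annotations

import os
from pathlib import Path

try:
    import nox  # only needed when this file is used as a noxfile
except ImportError:  # keep the checks importable (and testable) without nox
    nox = None

# Every hook script written by `pre-commit install` embeds this URL in a
# header comment, so its presence distinguishes a pre-commit-managed hook
# from a hand-written or stale one.
PRE_COMMIT_MARKER = "pre-commit.com"


def hook_problem(exists: bool, executable: bool, content: str) -> str | None:
    """Pure check: return a human-readable problem, or None if the hook looks right."""
    if not exists:
        return "no .git/hooks/pre-commit; run `pre-commit install`"
    if not executable:
        return ".git/hooks/pre-commit is not executable"
    if PRE_COMMIT_MARKER not in content:
        return ".git/hooks/pre-commit was not written by pre-commit (another hook manager or a stale script)"
    return None


def hook_status(repo_root: str | Path) -> tuple[bool, str]:
    """Inspect the hook on disk and return (ok, message)."""
    hook = Path(repo_root) / ".git" / "hooks" / "pre-commit"
    exists = hook.is_file()
    executable = exists and os.access(hook, os.X_OK)
    content = hook.read_text(errors="replace") if exists else ""
    problem = hook_problem(exists, executable, content)
    return (problem is None), (problem or f"pre-commit hook installed at {hook}")


if nox is not None:

    @nox.session(python=False)  # no virtualenv needed: this only reads the filesystem
    def check_hooks(session: "nox.Session") -> None:
        """Fail the session when the secret-scanning hook is not installed locally."""
        ok, message = hook_status(Path(__file__).resolve().parent)
        if not ok:
            session.error(message)
        session.log(message)
```

Run it with `nox -s check_hooks`; because the session is `python=False` it runs in the developer's environment without creating a virtualenv. One caveat: in a git worktree or submodule `.git` is a file, not a directory, so a stricter version would resolve the path with `git rev-parse --git-path hooks/pre-commit` instead of joining `.git/hooks` by hand.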
Issue Analytics
- Created a year ago
- Comments: 17 (13 by maintainers)
Top GitHub Comments
@daveqnet I’m enjoying this thread and your findings! Thanks for putting in this work
Gitleaks is the one that I happen to be the most familiar with. It works well, but I don’t feel strongly about the tool that we integrate.
If it’s only free for OSS, then keep in mind that we also have private repos where we’ll be developing connectors and other tools that integrate 3rd party APIs. Ideally we don’t need to integrate multiple tools.
I agree with Paul - a pre-commit hook is where we should enforce things. It’s true that it would be less “noisy” on pre-push, but if you only learn about your mistake after it’s already made, then you have the cognitive load of dealing with cleanup. The pre-commit hook is intended to be used to prevent those mistakes from being made at all, and the check should pass for 99% of commits anyway.
I wouldn’t call my opinion on this strong, but I prefer to avoid adding dependencies whenever possible. I’ve never had an issue setting up native git hooks, so the dependency feels unnecessary here.
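To make the native-hook option in the last comment concrete, here is an added example (not from the thread or the project): a dependency-free Python script that can be saved as `.git/hooks/pre-commit`, reads the staged diff with `git diff --cached`, and blocks the commit when an added line matches a secret pattern. The three patterns, the `scan_diff` parser and the `pragma: allowlist secret` escape hatch (borrowed from the detect-secrets convention) are this example's own choices; the sample diff is constructed, and `AKIAIOSFODNN7EXAMPLE` is the placeholder access key from AWS documentation.

```python
#!/usr/bin/env python3
"""Dependency-free git pre-commit hook that scans staged additions for secrets.

Added example for this thread, not the project's hook. Save it as
.git/hooks/pre-commit (executable) or call it from an existing hook script.
The patterns below are this example's own small set; a real deployment would
use a maintained ruleset such as gitleaks'.
"""
from __future__ import annotations

import re
import subprocess
import sys

# Each pattern is named so a finding tells the developer *what* was matched.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "generic-assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}
# Inline marker for deliberate false positives (the detect-secrets convention).
ALLOW_MARKER = "pragma: allowlist secret"
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def scan_diff(diff_text: str) -> list[tuple[str, int, str]]:
    """Return (path, new-file line number, pattern name) for every added line that matches.

    Only '+' lines inside hunks are examined, so a secret that was already in
    the repository before this commit does not block unrelated changes.
    """
    findings: list[tuple[str, int, str]] = []
    path, line_no, in_hunk = "", 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            in_hunk = False  # new file section: expect ---/+++ headers next
            continue
        hunk = HUNK_RE.match(raw)
        if hunk:
            in_hunk = True
            line_no = int(hunk.group(1))  # first line number on the new-file side
            continue
        if not in_hunk:
            if raw.startswith("+++ "):
                path = raw[4:].removeprefix("b/")
            continue
        if raw.startswith("+"):
            content = raw[1:]
            if ALLOW_MARKER not in content:
                for name, pattern in PATTERNS.items():
                    if pattern.search(content):
                        findings.append((path, line_no, name))
            line_no += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            continue  # removed line, or "\ No newline at end of file"
        else:
            line_no += 1  # unchanged context line
    return findings


# Constructed sample diff; AKIAIOSFODNN7EXAMPLE is the placeholder key from AWS documentation.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_KEY = "not-a-real-key-1234"  # pragma: allowlist secret
+password = "hunter2-but-longer"
 TIMEOUT = 30
"""


def main() -> int:
    """Scan what is staged right now; a non-zero exit makes git abort the commit."""
    staged = subprocess.run(
        ["git", "diff", "--cached", "--no-color", "--diff-filter=AM"],
        check=True, capture_output=True, text=True,
    ).stdout
    findings = scan_diff(staged)
    for path, line_no, name in findings:
        print(f"{path}:{line_no}: possible secret ({name}); "
              f"add '# {ALLOW_MARKER}' if this is intentional", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Running `scan_diff(SAMPLE_DIFF)` reports the AWS key on line 2 and the password assignment on line 4 and skips the allowlisted line 3, which is the behaviour the thread wants from a pre-commit hook: the mistake is caught before it exists in history, so there is no cleanup to do. Because the hook only looks at added lines of the staged diff, it stays fast and quiet for the large majority of commits; the trade-off is that pre-existing secrets in the tree are not reported, which is a job for a full-history scan rather than a hook.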