This repository contains:
- .pre-commit-config.yaml for pre-commit, to set up the pre-commit hook for the local environment and the pre-commit CI for the remote repository.
- The default baseline file .secrets.baseline for the open-source tool detect-secrets, used to compare against the current codebase to detect any new secrets.
- Additional customized plugins that provide additional secret types for the tool to detect. These plugins address needs raised by the SLIM community in the issue ticket: Automated checking for general sensitive information within Git. Please see the categories and links below for more details.
├── .pre-commit-config.yaml
├── .detect-secrets
├── .secrets.baseline
├── plugins
│ ├── absolute_filepath.py
│ ├── aws_sensitive_info.py
│ ├── email_address.py
│ └── ip_address.py
Note: We are in the process of contributing these general plugins back to the detect-secrets community. Once they are accepted, we will remove them from this repository and use the official plugins instead.
- AWS Sensitive Information detection
- IP Address detection
- Email Address detection
- Absolute Path detection
The AWS sensitive information plugin is designed to detect the AWS sensitive information mentioned in this discussion. Below is the list of secret types that this plugin can detect:
- AWS account id
  - A 12-digit number, such as 123456789012
- AWS ARN
- AWS security group id
  - sg- followed by 8 or 17 hexadecimal characters
  - For example, sg-02ce123456e7893c7
- AWS VPC id
  - vpc- followed by 8 or 17 hexadecimal characters
  - For example, vpc-1a2b3c4d5e6f1a2b3
- AWS subnet id
  - subnet- followed by 8 or 17 hexadecimal characters
- AWS bucket name
- AWS hostname

Check the implementation here to learn more about the regexes used in this plugin.
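The formats listed above can be exercised with a small standalone scanner. This is an added example, not the repository's plugin code: the regexes are assumptions written from the descriptions in the list (only the account id, security group, VPC and subnet formats are covered, and lowercase hex is assumed), and the names PATTERNS, SAMPLE and scan are hypothetical.

```python
import re

# Assumption: regexes derived from the README's prose, not copied from
# plugins/aws_sensitive_info.py. Resource ids are "prefix-" plus exactly
# 8 or 17 lowercase hex characters, so the id must not continue with
# another alphanumeric character after the 8th or 17th one.
HEX_ID = r"(?:[0-9a-f]{17}|[0-9a-f]{8})(?![0-9A-Za-z])"

PATTERNS = {
    # Exactly 12 digits: digit runs of any other length are rejected.
    "AWS account id": re.compile(r"(?<![0-9])[0-9]{12}(?![0-9])"),
    # \b keeps words that merely end in the prefix (e.g. "msg-") from matching.
    "AWS security group id": re.compile(r"\bsg-" + HEX_ID),
    "AWS VPC id": re.compile(r"\bvpc-" + HEX_ID),
    "AWS subnet id": re.compile(r"\bsubnet-" + HEX_ID),
}

# Constructed sample input; the last three lines are near misses that
# should not be reported.
SAMPLE = """\
account = "123456789012"
security_groups = ["sg-02ce123456e7893c7"]
vpc_id = vpc-1a2b3c4d
subnet = subnet-1a2b3c4d5e6f1a2b3
build_timestamp_ms = 1700000000000
log_tag = msg-1a2b3c4d
bad_group = sg-0123456789
"""


def scan(text):
    """Return (line_number, secret_type, matched_text) for every finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for secret_type, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((lineno, secret_type, match.group(0)))
    return findings


if __name__ == "__main__":
    for lineno, secret_type, value in scan(SAMPLE):
        print(f"line {lineno}: {secret_type}: {value}")
```

A bare 12-digit match is a broad heuristic, so non-secret numeric identifiers of that length will also be reported and need to be audited into the baseline.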
The IP address plugin is designed to detect the IP addresses mentioned in this discussion.
The email address plugin is designed to detect email addresses, with a few exceptions for common email addresses, such as git@
The absolute path plugin is designed to detect absolute paths.