Detect AWS credentials plugin?

[aurcioli-handy]

Are there any plans to include a plugin for detecting secrets that shouldn't be committed? Similar to the plugin for detect-aws-credentials on this project: http://pre-commit.com/hooks.html

[jish]

There are not currently any plans to add this functionality. Although we could certainly add a plugin to add whatever functionality you like.

What would the plugin do? Not being much of an expert on either AWS or Pything, from looking at this file (https://github.com/pre-commit/pre-commit-hooks/blob/master/pre_commit_hooks/detect_aws_credentials.py) it looks like the check would read a configuration file located at ~/.aws/credentials. The check would then make sure that you didn't commit your own password to the repo? Is that correct?

I personally would manage my credentials in such a way that adding my own passwords to the repo was not necessary. Maybe read passwords from the environment, or use a secrets file that is ignored by Git.

If you would like to work on this project I would be happy to help you along the way and answer any questions that you have. We have a few example plugins here https://github.com/jish/pre-commit/wiki/Plugins.

You can make your own repository and RubyGem, or we have an existing organization that we could use to store your plugin. I could make a repo and give you full access if you like https://github.com/pre-commit-plugins

There is a pre-commit new command to generate most everything you need for a new pre-commit plugin gem:

$ pre-commit new plugin-name 'Author Name' author@email 'description of the plugin'

Let me know if you have any questions or need any help! :)