diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..ddbb266 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,8 @@ +repos: +- repo: https://github.com/Yelp/detect-secrets + rev: v1.5.0 + hooks: + - id: detect-secrets + name : Detect secrets + # Optional arguments: + args: ["--baseline", ".secrets.baseline"] diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 0000000..ea0a2ef --- /dev/null +++ b/.secrets.baseline @@ -0,0 +1,448 @@ +{ + "version": "1.5.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "GitLabTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "IPPublicDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "OpenAIDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "PypiTokenDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TelegramBotTokenDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], + "results": { + "dependencies/direct_access_client/README.md": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/README.md", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 114, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/backend/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/backend/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 32, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/backend/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 38, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/cancel_job/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/cancel_job/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 47, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/cancel_job/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 53, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/delete_job/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/delete_job/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 43, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/delete_job/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 49, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/job_details/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/job_details/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 44, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/job_details/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 50, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/list_jobs/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/list_jobs/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 31, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/list_jobs/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 37, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/run_job/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/run_job/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 71, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/run_job/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 77, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/run_primitive/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/run_primitive/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 59, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/run_primitive/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 65, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/backend_config.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/backend_config.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 29, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/backend_details.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/backend_details.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/backend_props.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/backend_props.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/backend_pulse_defaults.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/backend_pulse_defaults.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 29, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/cancel_job.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/cancel_job.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 31, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/delete_job.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/delete_job.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 30, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/job_details.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/job_details.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/job_status.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/job_status.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/job_wait_for_final_state.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/job_wait_for_final_state.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 32, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/list_backends.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/list_backends.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/list_jobs.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/list_jobs.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/run_job.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/run_job.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 53, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/run_primitive.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/run_primitive.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 51, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/client.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/client.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 270, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/models/backend_configuration.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/models/backend_configuration.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 95, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/models/backend_properties.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/models/backend_properties.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 52, + "is_secret": false + } + ], + "dependencies/direct_access_client/tests/versions.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/tests/versions.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 61, + "is_secret": false + } + ], + "src/ibm/tests/qiskit_runtime_service.rs": [ + { + "type": "Secret Keyword", + "filename": "src/ibm/tests/qiskit_runtime_service.rs", + "hashed_secret": "829c3804401b0727f70f73d4415e162400cbe57b", + "is_verified": false, + "line_number": 34, + "is_secret": false + } + ] + }, + "generated_at": "2026-03-25T20:41:30Z" +} diff --git a/README.md b/README.md index b193b79..1a59d9a 100644 --- a/README.md +++ b/README.md @@ -182,6 +182,50 @@ QRMI is used in Slurm plugin to control quantum resources during lifetime of Slu See implementation and documentation of [Slurm plugin for quantum resources here](https://github.com/qiskit-community/spank-plugins). +---- + +### Pre-commit detect-secrets +`detect-secrets` is an open-source, developer-friendly tool designed to scan +codebases for mistakenly committed secrets—such as API keys, passwords, and +private tokens—before they leak. To keep our credentials secure, we recommend +that all developers integrate this into their workflow using the following +instructions. + +* Prerequisites: Before you begin, ensure you have a Python virtual environment + (venv) active. You will need to install pre-commit, which manages the hooks + that run detect-secrets automatically. + +``` +pip install pre-commit +pre-commit install +``` +Please find `.pre-commit-config.yaml` for the initial setup. +Following command was used to generate `.secrets.baseline` and to maximize the +detection coverage. +``` +detect-secrets scan --force-use-all-plugins > .secrets.baseline +``` +**Handling False Positives** +If the pre-commit hook identifies a secret that you have verified is not +sensitive (a false positive), please use the following command to audit and +update the baseline file. Once updated, include the modified .secrets.baseline +in your Pull Request to ensure the pre-commit passes in the future. +``` +pip install detect-secrets +detect-secrets scan --baseline .secrets.baseline +detect-secrets audit .secrets.baseline +``` +**Manual Execution and Overrides** +To manually trigger a scan of all files in the repository for a local sanity check, execute the following command: +``` +pre-commit run --all-files +``` + +**Bypassing the Hook (Not Recommended)** +While not recommended, if you must force a commit without running the pre-commit checks (e.g., during an emergency fix), you may use the `--no-verify` flag: +``` +git commit -m "Your message" --no-verify +``` ----