From 6b983f6053007a7a4936a5135d0b0885260f9046 Mon Sep 17 00:00:00 2001
From: Eun Kyung Lee
Date: Wed, 25 Mar 2026 22:45:48 +0000
Subject: [PATCH 1/3] Added detect-secrets through pre-commit package
---
.pre-commit-config.yaml | 8 +
.secrets.baseline | 448 ++++++++++++++++++++++++++++++++++++++++
README.md | 23 +++
3 files changed, 479 insertions(+)
create mode 100644 .pre-commit-config.yaml
create mode 100644 .secrets.baseline
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..ddbb266
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,8 @@
+repos:
+- repo: https://github.com/Yelp/detect-secrets
+ rev: v1.5.0
+ hooks:
+ - id: detect-secrets
+ name : Detect secrets
+ # Optional arguments:
+ args: ["--baseline", ".secrets.baseline"]
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..ea0a2ef
--- /dev/null
+++ b/.secrets.baseline
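Review bot: `rev: v1.5.0` in `.pre-commit-config.yaml` pins the hook to a tag, which upstream can move; because pre-commit fetches that repository and runs its code on every contributor's machine, pin the full commit SHA and keep the tag as a trailing comment, e.g. `rev: <full-commit-sha>  # frozen: v1.5.0` (the form `pre-commit autoupdate --freeze` writes). The hook only runs for developers who have executed `pre-commit install` and can be skipped with `--no-verify`, and no CI change is visible in this series, so a CI step running `pre-commit run --all-files` would be needed if the check is meant to gate merges. The `# Optional arguments:` comment undersells `--baseline`, since without it the hook does not consult the audited baseline at all; I would reword it to `# Compare against the audited baseline; findings not listed there fail the commit.` Every entry in the committed `.secrets.baseline` carries `"is_secret": false` and the hook will silence exactly those findings, so it is worth confirming each one was audited individually rather than accepted in bulk.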
@@ -0,0 +1,448 @@ +{ + "version": "1.5.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "GitLabTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "IPPublicDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "OpenAIDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "PypiTokenDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TelegramBotTokenDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": 
"detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], + "results": { + "dependencies/direct_access_client/README.md": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/README.md", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 114, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/backend/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/backend/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 32, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/backend/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 38, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/cancel_job/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/cancel_job/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 47, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/cancel_job/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 53, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/delete_job/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/delete_job/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 43, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": 
"dependencies/direct_access_client/app/delete_job/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 49, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/job_details/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/job_details/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 44, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/job_details/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 50, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/list_jobs/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/list_jobs/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 31, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/list_jobs/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 37, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/run_job/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/run_job/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 71, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/run_job/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 77, + "is_secret": false + } + ], + "dependencies/direct_access_client/app/run_primitive/src/main.rs": [ + { + "type": "Secret Keyword", + "filename": 
"dependencies/direct_access_client/app/run_primitive/src/main.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 59, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/app/run_primitive/src/main.rs", + "hashed_secret": "f15426859be5cc9f08f2a41804deed42176398cd", + "is_verified": false, + "line_number": 65, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/backend_config.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/backend_config.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 29, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/backend_details.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/backend_details.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/backend_props.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/backend_props.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/backend_pulse_defaults.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/backend_pulse_defaults.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 29, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/cancel_job.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/cancel_job.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 31, 
+ "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/delete_job.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/delete_job.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 30, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/job_details.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/job_details.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/job_status.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/job_status.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/job_wait_for_final_state.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/job_wait_for_final_state.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 32, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/list_backends.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/list_backends.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/list_jobs.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/list_jobs.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 28, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/run_job.rs": [ + { + "type": "Secret Keyword", + 
"filename": "dependencies/direct_access_client/src/api/run_job.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 53, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/api/run_primitive.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/api/run_primitive.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 51, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/client.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/client.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 270, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/models/backend_configuration.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/models/backend_configuration.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 95, + "is_secret": false + } + ], + "dependencies/direct_access_client/src/models/backend_properties.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/src/models/backend_properties.rs", + "hashed_secret": "99d2c91e4b0918109da4e4f226abdc3390f7b606", + "is_verified": false, + "line_number": 52, + "is_secret": false + } + ], + "dependencies/direct_access_client/tests/versions.rs": [ + { + "type": "Secret Keyword", + "filename": "dependencies/direct_access_client/tests/versions.rs", + "hashed_secret": "0068d90bd2888c9985beebedae95ebc166833b25", + "is_verified": false, + "line_number": 61, + "is_secret": false + } + ], + "src/ibm/tests/qiskit_runtime_service.rs": [ + { + "type": "Secret Keyword", + "filename": "src/ibm/tests/qiskit_runtime_service.rs", + "hashed_secret": "829c3804401b0727f70f73d4415e162400cbe57b", + "is_verified": false, + 
"line_number": 34, + "is_secret": false + } + ] + }, + "generated_at": "2026-03-25T20:41:30Z" +} diff --git a/README.md b/README.md index b193b79..1dfab2b 100644 --- a/README.md +++ b/README.md @@ -182,6 +182,29 @@ QRMI is used in Slurm plugin to control quantum resources during lifetime of Slu See implementation and documentation of [Slurm plugin for quantum resources here](https://github.com/qiskit-community/spank-plugins). +---- + +### Pre-commit detect-secrets +`detect-secrets` is an open-source, developer-friendly tool designed to scan +codebases for mistakenly committed secrets—such as API keys, passwords, and +private tokens—before they leak. To keep our credentials secure, we recommend +that all developers integrate this into their workflow using the following +instructions. + +* Prerequisites: Before you begin, ensure you have a Python virtual environment + (venv) active. You will need to install pre-commit, which manages the hooks + that run detect-secrets automatically. + +``` +pip install pre-commit +pre-commit install +``` +Please find `.pre-commit-config.yaml` for the initial setup. +Following command was used to generate `.secrets.baseline` and to maximize the +detection coverage. +``` +detect-secrets scan --force-use-all-plugins > .secrets.baseline +``` ---- From be9b7bfbe8c83167577ae346853b0e3dd1376e53 Mon Sep 17 00:00:00 2001 From: Eun Kyung Lee Date: Fri, 27 Mar 2026 01:32:46 +0000 Subject: [PATCH 2/3] Added additional pre-commit instructions --- README.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1dfab2b..fe8c21f 100644 --- a/README.md +++ b/README.md 
@@ -201,11 +201,20 @@ pre-commit install ``` Please find `.pre-commit-config.yaml` for the initial setup. Following command was used to generate `.secrets.baseline` and to maximize the -detection coverage. +detection coverage. ``` detect-secrets scan --force-use-all-plugins > .secrets.baseline ``` - +**Handling False Positives** +If the pre-commit hook identifies a secret that you have verified is not +sensitive (a false positive), please use the following command to audit and +update the baseline file. Once updated, include the modified .secrets.baseline +in your Pull Request to ensure the pre-commit passes in the future. +``` +pip install detect-secrets +detect-secrets scan --baseline .secrets.baseline +detect-secrets audit .secrets.baseline +``` ---- ### How to Give Feedback From 693abf504c0380957d22cdd0e318b12e26469bb0 Mon Sep 17 00:00:00 2001 From: Eun Kyung Lee Date: Fri, 27 Mar 2026 01:35:51 +0000 Subject: [PATCH 3/3] Modified document (manual execution, bypassing the hook) --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index fe8c21f..1a59d9a 100644 --- a/README.md +++ b/README.md @@ -215,6 +215,18 @@ pip install detect-secrets detect-secrets scan --baseline .secrets.baseline detect-secrets audit .secrets.baseline ``` +**Manual Execution and Overrides** +To manually trigger a scan of all files in the repository for a local sanity check, execute the following command: +``` +pre-commit run --all-files +``` + +**Bypassing the Hook (Not Recommended)** +While not recommended, if you must force a commit without running the pre-commit checks (e.g., during an emergency fix), you may use the `--no-verify` flag: +``` +git commit -m "Your message" --no-verify +``` + ---- ### How to Give Feedback