8 changes: 8 additions & 0 deletions .pre-commit-config.yaml
@@ -0,0 +1,8 @@
repos:
Collaborator

OK for me to use pre-commit.

I was actually considering setting it up for some forced formatting too.

Collaborator

Should we consider adding this to the CI/CD pipeline?

Collaborator

I agree

Collaborator Author

@eklee15 eklee15 Mar 27, 2026

I've talked to some of the developers who have used detect-secrets before, and they have noted that detect-secrets occasionally triggers false positives that can be "annoying" for the developers. Once forced, they might have more issues if they did not follow our instructions to install/use detect-secrets correctly (maintenance overhead).

So we could keep this as an option, but I would suggest adding a GitHub Actions workflow to serve as a secondary sanity check for the repository - as this process will be executed at the server side, this would be "remediation," rather than the "prevention" method, ensuring our main branch remains "secret free".

Please find the discussion in this issue #85 in the "Describe the solution you'd like" section.

If agreed, I will create another PR to enforce this mechanism on GHA workflow.
Please let me know what you think.

- repo: https://github.com/Yelp/detect-secrets
rev: v1.5.0
hooks:
- id: detect-secrets
name : Detect secrets
# Optional arguments:
args: ["--baseline", ".secrets.baseline"]
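Review bot: `args: ["--baseline", ".secrets.baseline"]` makes the hook depend on a `.secrets.baseline` file that this hunk does not add, and the `# Optional arguments:` comment above it undersells that dependency. If the baseline is not already in the repository, commit one generated with `detect-secrets scan > .secrets.baseline` alongside this config and document how contributors update it; `detect-secrets audit .secrets.baseline` is also where the false positives raised in the discussion can be marked so they stop recurring. Separately, `rev: v1.5.0` is a tag that upstream can move, so pinning `rev` to the full commit SHA would make the hook source immutable, and `name : Detect secrets` has a stray space before the colon.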