Skip to content

🔒 Add git-leaks pre-commit hook for secret detection#107

Merged
lucas2brh merged 2 commits intomainfrom
git-leaks
Aug 11, 2025
Merged

🔒 Add git-leaks pre-commit hook for secret detection#107
lucas2brh merged 2 commits intomainfrom
git-leaks

Conversation

@Ramarti
Copy link
Contributor

@Ramarti Ramarti commented Aug 8, 2025

🔒 Add Git-leaks Pre-commit Hook

This PR adds a pre-commit configuration with git-leaks to automatically detect and prevent commits containing secrets, API keys, passwords, and other sensitive information.

What's Changed

  • Added .pre-commit-config.yaml with git-leaks hook
  • Configured git-leaks v8.28.0 with verbose and redacted output
  • Pre-commit hooks are now installed and active

Why This Matters

  • Security: Prevents accidental commits of sensitive data
  • Compliance: Ensures repository follows security best practices
  • Automation: Runs automatically on every commit
  • Team Safety: Protects all contributors from security mistakes

How It Works

  • Git-leaks scans all staged files before each commit
  • If secrets are detected, the commit is blocked
  • Verbose output shows what was found (redacted for security)
  • Contributors can fix issues before committing

Testing

✅ The setup has been tested and verified to work correctly
✅ Test commits containing secrets are properly blocked
✅ Normal commits without secrets proceed as expected

Next Steps

After merging this PR:

  1. All team members should run pre-commit install in their local repos
  2. Existing secrets in the repository should be rotated if any are found
  3. Consider running gitleaks detect on the entire repository history

This change enhances our security posture and helps maintain clean, secure code.

@Ramarti
Add pre-commit configuration with git-leaks
3253ff3 
This commit adds a pre-commit configuration that includes git-leaks
to automatically scan for secrets and sensitive information before
each commit. This helps prevent accidental commits of API keys,
passwords, and other sensitive data.

Features:
- Automatic secret detection using git-leaks v8.28.0
- Verbose output for transparency
- Redacted output to avoid exposing secrets in logs
- Runs on every commit to ensure security compliance
bonnie57
bonnie57 reviewed Aug 8, 2025
View reviewed changes
.pre-commit-config.yaml
- id: check-yaml
- id: check-added-large-files
- id: check-json
- id: check-merge-conflict
Copy link
Contributor

@bonnie57 bonnie57 Aug 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Ramarti, why do we need to remove the previous configuration?

Copy link
Collaborator

@lucas2brh lucas2brh Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I merged the configuration, we can merge it.

@lucas2brh lucas2brh merged commit 160b305 into main Aug 11, 2025
13 checks passed
@lucas2brh lucas2brh deleted the git-leaks branch August 11, 2025 17:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucas2brh lucas2brh lucas2brh approved these changes

@sebsadface sebsadface Awaiting requested review from sebsadface sebsadface is a code owner

@edisonz0718 edisonz0718 Awaiting requested review from edisonz0718 edisonz0718 is a code owner

@AndyBoWu AndyBoWu Awaiting requested review from AndyBoWu AndyBoWu is a code owner

@limengformal limengformal Awaiting requested review from limengformal limengformal is a code owner

+1 more reviewer

@bonnie57 bonnie57 bonnie57 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Ramarti @lucas2brh @bonnie57