Replace ripsecrets with gitleaks
What does this MR do and why?
This MR replaces `ripsecrets`, which was introduced in !103705 (merged), with `gitleaks`. Switching to `gitleaks` has been suggested in the original MR.
Originally it was a pre-push hook, but gitleaks is designed to work with staged files. So we've changed this git hook to a pre-commit one.
Screenshots or screen recordings
How to set up and validate locally
- Enable Lefthook (`lefthook install`)
- Install `gitleaks`
- Switch to this branch (`replace-ripsecrets-with-gitleaks`)
- Add a file that looks like it contains a secret key
  `echo "aws_secret: gW2Xs75Q2uHc9FhUCZSEV" > random_file.yml`
- Stage this new file and try to create a commit
  `git add random_file.yml && git commit -m "Testing gitleaks"`
- It should fail and print a message similar to the one in the screenshots section
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Dmitry Gruzd
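The hook moved to pre-commit because the scan works on staged changes. As an added illustration (not code from this MR, and not gitleaks' rule set), the sketch below shows what scanning staged changes means: only lines added in the staged diff are checked, and removed lines are ignored. The pattern, the function name and the sample diff are assumptions made for this example.

```python
import re
import sys

# Assumed heuristic, far narrower than gitleaks' rules: a credential-like key
# assigned a token-like value of 16 or more characters.
SECRET_RE = re.compile(
    r"""(?ix) \b[\w.-]*(secret|token|passw(or)?d|api_?key)[\w.-]*
        ["']?\s*[:=]\s*["']? [A-Za-z0-9/+_=-]{16,}"""
)
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed `git diff --cached` output; the first value is the page's test string.
SAMPLE_DIFF = """\
diff --git a/random_file.yml b/random_file.yml
--- /dev/null
+++ b/random_file.yml
@@ -0,0 +1 @@
+aws_secret: gW2Xs75Q2uHc9FhUCZSEV
diff --git a/config/app.yml b/config/app.yml
--- a/config/app.yml
+++ b/config/app.yml
@@ -10,2 +10,2 @@
 timeout: 30
-token: AAAAAAAAAAAAAAAAAAAAAAAA
+token_ttl: 3600
"""

def scan_staged_diff(diff_text):
    """Return (path, new_line_number) for added lines that look like secrets."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk and raw.startswith("+++ "):
            path = raw[4:].strip().removeprefix("b/")
        elif m := HUNK_RE.match(raw):
            in_hunk, line_no = True, int(m.group(1)) - 1
        elif in_hunk and raw.startswith("+"):
            line_no += 1
            if SECRET_RE.search(raw[1:]):
                findings.append((path, line_no))
        elif in_hunk and raw.startswith(" "):
            line_no += 1  # context line; "-" lines are not in the new commit
    return findings

if __name__ == "__main__":  # assumed wiring: git diff --cached | python3 <this file>
    hits = scan_staged_diff(sys.stdin.read())
    print("\n".join(f"{p}:{n}: possible secret" for p, n in hits))
    sys.exit(1 if hits else 0)
```

A non-zero exit status from a pre-commit hook aborts the commit, which is the failure the validation steps above expect to see.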