🔍 Enhanced Secret Detection Test - Gitleaks Pattern Matching
🎯 Purpose
This merge request contains FAKE secrets with enhanced patterns specifically designed to match GitLab's Gitleaks detection rules.
📁 Files Added (4 files)
- secrets_test.env - Environment variables with realistic fake patterns
- deploy_script.sh - Shell script with embedded credentials
- .gitlab-ci.yml - CI configuration with historic scan enabled
- README_ENHANCED_SECRETS.md - Documentation
🚨 Enhanced Secret Patterns (Gitleaks-Compatible)
- AWS Access Key: AKIAIOSFODNN7EXAMPLE (proper AKIA format)
- AWS Secret Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY (40-char)
- GitHub Tokens: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- GitHub PAT: github_pat_11ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
- Slack Bot Token: xoxb-1234567890123-1234567890123-abcdefghijklmnopqrstuvwx
- Stripe Live Key: sk_live_abcdefghijklmnopqrstuvwxyz1234567890ABCDEF
- Stripe Publishable: pk_live_abcdefghijklmnopqrstuvwxyz1234567890ABCDEF
- SendGrid API: SG.abcdefghijklmnopqrstuvwx.1234567890abcdefghijklmnopqrstuvwxyz1234567890
- Database URLs: With embedded credentials
- RSA Private Key: Proper -----BEGIN RSA PRIVATE KEY----- format
- Docker Registry: dckr_pat_abcdefghijklmnopqrstuvwxyz1234567890
- Google Cloud: AIzaSyAbcdefghijklmnopqrstuvwxyz1234567890
- Azure Client Secret: Standard format
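Gitleaks rules can carry an entropy threshold and an allowlist in addition to a regex, so a fixture with the right prefix can still go unreported. The following triage of four of the fixtures above is an added example, not part of this merge request and not Gitleaks' own logic; the 3.0 threshold, the prefix table and the placeholder markers are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Fixture values copied from the merge request description (all fake).
FIXTURES = {
    "aws_access_key": "AKIAIOSFODNN7EXAMPLE",
    "github_token": "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "slack_bot_token": "xoxb-1234567890123-1234567890123-abcdefghijklmnopqrstuvwx",
    "stripe_live_key": "sk_live_abcdefghijklmnopqrstuvwxyz1234567890ABCDEF",
}

# Assumptions for this sketch, not values read from any Gitleaks rule.
PREFIXES = ("AKIA", "ghp_", "xoxb-", "sk_live_")
MIN_ENTROPY = 3.0
PLACEHOLDER_MARKERS = ("EXAMPLE", "xxxx")


def shannon_entropy(text):
    """Shannon entropy of text in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return -sum((n / total) * math.log2(n / total) for n in Counter(text).values())


def secret_body(value):
    """Strip the known provider prefix so only the random part is measured."""
    for prefix in PREFIXES:
        if value.startswith(prefix):
            return value[len(prefix):]
    return value


def triage(value):
    """List reasons an entropy- or allowlist-filtered rule could skip value."""
    reasons = []
    body = secret_body(value)
    if shannon_entropy(body) < MIN_ENTROPY:
        reasons.append("low entropy")
    for marker in PLACEHOLDER_MARKERS:
        if marker in value:
            reasons.append("placeholder marker " + marker)
    return reasons


if __name__ == "__main__":
    for name, value in FIXTURES.items():
        print(name, round(shannon_entropy(secret_body(value)), 3), triage(value) or "ok")
```

Fixtures that come back with reasons are the ones to compare against the findings the pipeline actually reports.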
✅ Expected Results
- 🔄 Pipeline should trigger with secret detection job
- 🛡️ Gitleaks should detect multiple vulnerabilities
- 📊 Security widget should populate with findings
- 🚨 Multiple security alerts should appear
- 🔍 Historic scan enabled for comprehensive detection
⚠️ IMPORTANT DISCLAIMER
- ALL SECRETS ARE COMPLETELY FAKE
- Designed specifically to match Gitleaks patterns
- No real credentials or sensitive data
- Safe for testing and demonstration
- Historic scan enabled for thorough detection