search sensitive words in git history

omg-git.git-show.sh

#!/usr/bin/env bash

NOT_GIT_REPO=1

if $(git rev-list --all &>/dev/null)
then
    echo "Detect git repo, continue now..."
else
    echo "Could not find any git repo here!"
    exit $NOT_GIT_REPO
fi

mkdir -p tmp/
THREADS=20
DATETIME="$(date '+%Y-%m-%dT%H:%M:%S')"
REPORT_FILE_NAME="tmp/git-report_$DATETIME.omg"

echo "CREATED AT:  $(date)" > $REPORT_FILE_NAME
echo "PATH: $(pwd)" >> $REPORT_FILE_NAME

# Search something like:
# password = "ss", or not space
# password = 'ss', or not space
# password: 'ss'
# something['password'] = 'ss'
# something["password"] = 'ss'
SEARCH_PATTERN="^diff\s|^\+.*(password|api_key|app_key|access_id|access_key|secret|license|token|app_id)(['\"]?\]?\s?[:=]>?\s?)+|[0-9A-Za-z\-]{16,128}['\"]"
DIRECTORIES="app/**/*.(rb|js) config/ db/ lib/ test/"
if (ls spec/ &>/dev/null)
then
  DIRECTORIES="$DIRECTORIES spec/"
fi
echo "Will search in folders: $DIRECTORIES"

git rev-list --all | (
    while read revision; do
        git show -b --format= $revision $DIRECTORIES | awk -v revision="$revision" '{ if ($1 == "diff") { print $0"@"revision } else { print $0 } }' | grep -E $SEARCH_PATTERN
        # git show -b --format= $revision $DIRECTORIES | grep -b -E $SEARCH_PATTERN
    done
) >> $REPORT_FILE_NAME

STATS=$(cat <<-GIT_REPO_STATS
total revisions count: $(git rev-list --all | wc -l)
total matched lines: $(wc -l $REPORT_FILE_NAME)
GIT_REPO_STATS
)

echo "FINISHED! The below shows repo stats:"
echo ">===================================<"
echo "$STATS"
echo ">===================================<"
echo "Now please open \"$REPORT_FILE_NAME\" to check informations!"

omg-git.sh

#!/usr/bin/env bash

NOT_GIT_REPO=1

if $(git rev-list --all > /dev/null)
then
    echo "Detect git repo, continue now..."
else
    exit $NOT_GIT_REPO
fi

mkdir -p tmp/
THREADS=20
DATETIME="$(date '+%Y-%m-%dT%H:%M:%S')"
REPORT_FILE_NAME="tmp/git-report_$DATETIME.omg"

echo "CREATED AT:  $(date)" > $REPORT_FILE_NAME
echo "PATH: $(pwd)" >> $REPORT_FILE_NAME

# Search something like:
# password = "ss", or not space
# password = 'ss', or not space
# password: 'ss'
# something['password'] = 'ss'
# something["password"] = 'ss'
SEARCH_PATTERN="(password|api_key|app_key|secret|token|app_id)(['\"]?]?\s?[:=]>?\s?['\"])+|['\"][0-9A-Za-z\-]{16,128}['\"]"
DIRECTORIES="app/**/*.(rb|js) config/ db/ lib/ test/ spec/"
git rev-list --all | (
    while read revision; do
        git grep -n --threads $THREADS --break -I -E $SEARCH_PATTERN $revision -- $DIRECTORIES
    done
) >> $REPORT_FILE_NAME

STATS=$(cat <<-GIT_REPO_STATS
total revisions count: $(git rev-list --all | wc -l)
total matched lines: $(wc -l $REPORT_FILE_NAME)
GIT_REPO_STATS
)

echo "FINISHED! The below shows repo stats:"
echo ">===================================<"
echo "$STATS"
echo ">===================================<"
echo "Now please open \"$REPORT_FILE_NAME\" to check informations!"

search_sensitive_git_commits.sh

git rev-list --all | (
    while read revision; do
        git grep -F 'password' $revision
    done
) > tmp/rev-list.log

# search in all revisions with extened regular expression
git rev-list --all | (
    while read revision; do
        git grep -E "password|api_key|app_key|secret|token|app_id|[0-9A-Za-z\-]{16,128}" $revision
    done
) > tmp/rev-list.log

# search in only specified folders
git rev-list --all | (
    while read revision; do
        git grep -n --break -I --color=always -E "password|api_key|app_key|license|secret|token|app_id|['\"][0-9A-Za-z\-]{16,128}['\"]" $revision -- app/**/*.(rb|js) config/ db/ lib/ test/ spec/
    done
) > tmp/rev-list.log

# search in only specified folders and glob style extension file names
git rev-list --all | (
    while read revision; do
        git grep -n --break -C 1 -I -E "password|api_key|app_key|secret|token|app_id|['\"][0-9A-Za-z\-]{16,128}['\"]" $revision -- app/**/*.(rb|js) config/ db/ lib/ test/ spec/
    done
) > tmp/rev-list.log

# Visit https://ibb.co/hnbvDR to see the demo