@chrisdlangton
Last active March 15, 2021 22:43
git-secrets for GCP Terraform Kube Ruby Python Linux etc
# git-secrets configuration as stored in ~/.gitconfig by `git secrets --add --global`.
# Values are git-config escaped: \\s reaches git-secrets as \s, \\. as \., \" as ".
[secrets]
providers = git secrets --aws-provider
# AWS: access key IDs, secret access keys and account IDs, plus the documented example values that are allowed through
patterns = (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
patterns = (\"|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?(\"|')?\\s*(:|=>|=)\\s*(\"|')?[0-9]{4}\\-?[0-9]{4}\\-?[0-9]{4}(\"|')?
allowed = AKIAIOSFODNN7EXAMPLE
allowed = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# GCP: fields of a service-account JSON key file
patterns = private_key
patterns = client_email
patterns = private_key_id
# Kubernetes: secrets created from literals, Secret manifests and kustomize secretGenerator entries
patterns = (kubectl create secret).+(--from-literal)
patterns = (kind: Secret)*(data:)*(password:)
patterns = (secretGenerator)*(literals:)*(password=)
# Terraform variable files
patterns = terraform\\.tfvars
# Shell, database and tool credential/history files (Linux)
patterns = (bash_|zsh_|mysql_|psql_|irb_)history
patterns = (bash|zsh)rc
patterns = .?gitconfig
patterns = .?pgpass
patterns = .?htpasswd
patterns = .?aws/credentials
patterns = .?git-credentials
patterns = .?gem/credentials
# OpenVPN client configuration
patterns = ovpn
# Ruby and Python framework files that commonly embed secrets
patterns = secret_token\\.rb
patterns = schema\\.rb
patterns = settings\\.py
# Password-manager databases (1Password agilekeychain, KeePass kdb/kdbx)
patterns = agilekeychain
patterns = \\.kdb
patterns = \\.kdbx
# Private key material anywhere on a line; \\b is doubled because a bare \b in a git config value is unescaped to a backspace character
patterns = \\bprivate_key.*\\b
# HTTP Basic authorization values
patterns = ^(\"|')?Basic [A-Za-z0-9\\+=]{60}(\"|')?$
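Added example (not part of the gist): a bash script that exercises a subset of the rules above offline with plain GNU grep, emulating the two-step evaluation git-secrets performs (assumed here: a word-bounded extended-regex grep for the prohibited patterns, then any hit that matches an allowed expression is discarded). The patterns are written as git hands them over after unescaping the config values, and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Emulates git-secrets' evaluation with plain grep (assumed internals: a
# word-bounded ERE grep for prohibited patterns, then hits matching an
# "allowed" expression discarded). Patterns are a subset of the gist's,
# written as git passes them on after unescaping \\s and \\b.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/patterns" <<'EOF'
(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
("|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?
(kind: Secret)*(data:)*(password:)
\bprivate_key.*\b
EOF
cat > "$WORK/allowed" <<'EOF'
AKIAIOSFODNN7EXAMPLE
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
EOF
# Prints offending lines of FILE to stderr, the number of them to stdout.
findings() {
  local hits
  hits=$(LC_ALL=C grep -nwHEf "$WORK/patterns" -- "$1" \
           | grep -Evf "$WORK/allowed") || true
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits" >&2
    printf '%s\n' "$hits" | grep -c .
  else
    echo 0
  fi
}
# Constructed samples: a Secret manifest with a literal password, a tfvars
# file with live-looking credentials, and the AWS docs' example key pair
# that the allowed list is meant to excuse.
cat > "$WORK/secret.yaml" <<'EOF'
kind: Secret
data:
  password: cGFzc3dvcmQ=
EOF
cat > "$WORK/creds.tfvars" <<'EOF'
aws_access_key_id = "AKIA0123456789ABCDEF"
aws_secret_access_key = "abcdefghijklmnopqrstuvwxyz0123456789ABCD"
private_key = "-----BEGIN RSA PRIVATE KEY-----"
EOF
cat > "$WORK/docs.md" <<'EOF'
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
EOF
for f in secret.yaml creds.tfvars docs.md; do
  echo "$f: $(findings "$WORK/$f") finding(s)"   # 1, 3 and 0
done
```

The `\s` and `\b` escapes rely on GNU grep; a rule that never fires here (or fires on the allowed example values) is a rule that needs fixing before it goes into a pre-commit hook.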
#!/usr/bin/env bash
# Wrapper that runs git-secrets with the given arguments and captures all of
# its stdout and stderr in a log file in the current directory.
readonly LOG_FILE="$(pwd)/git-secrets-output.log"
touch "$LOG_FILE"
exec 1>"$LOG_FILE"
exec 2>&1
if [[ $EUID -eq 0 ]]; then
  echo "This script must not be run as root"
  exit 1
fi
git secrets "$@"
#!/usr/bin/env bash
# Installs git-secrets from source, registers the AWS provider and patterns
# globally, and wires the hooks into a git template directory so that every
# later `git clone` / `git init` picks them up.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
NC='\033[0m' # No Color
if [[ $EUID -eq 0 ]]; then
  echo -e "${RED}x${NC} This script must not be run as root"
  exit 1
fi
CWD=$(pwd)
WORKDIR="${HOME}/workspace"
mkdir -p "${WORKDIR}"
cd "${WORKDIR}" || exit 1
if [[ ! -d git-secrets ]]; then
  echo -e "${YELLOW}>${NC} Installing git-secrets"
  git clone https://github.com/awslabs/git-secrets
  cd git-secrets || exit 1
  # git-secrets' Makefile installs under PREFIX (default /usr/local)
  make install && \
    echo -e "${GREEN}✔${NC} Installed git-secrets"
fi
echo -e "${YELLOW}>${NC} Register AWS git-secrets"
git secrets --register-aws --global && \
  echo -e "${GREEN}✔${NC} AWS registered"
echo -e "${YELLOW}>${NC} Configure git-secrets hooks for git clone"
git secrets --install -f "${HOME}/.git-templates/git-secrets" && \
  git config --global init.templateDir "${HOME}/.git-templates/git-secrets" && \
  echo -e "${GREEN}✔${NC} Global hooks registered"
# List the registered patterns with: git config --get-all secrets.patterns
echo -e "${GREEN}✔${NC} DONE"