git-secrets for GCP Terraform Kube Ruby Python Linux etc
# git-secrets configuration (git config syntax). `git secrets --scan` flags any
# line matching a `patterns` entry unless it also matches an `allowed` entry.
# Values pass through git-config unescaping before they reach the regex engine,
# which is why regex backslashes below are doubled (`\\s`, `\\.`, `\\+`).
[secrets]
# Built-in AWS provider shipped with git-secrets; evaluated at scan time.
providers = git secrets --aws-provider
# AWS access key IDs: known prefixes followed by 16 uppercase alphanumerics.
patterns = (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
# AWS secret access keys assigned in code/config (`key = "..."`, `key: ...`, `=>`): 40 base64-ish chars.
patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
# AWS account IDs (12 digits, optionally dash-grouped 4-4-4) in the same assignment forms.
patterns = (\"|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?(\"|')?\\s*(:|=>|=)\\s*(\"|')?[0-9]{4}\\-?[0-9]{4}\\-?[0-9]{4}(\"|')?
# Placeholder credentials (note the EXAMPLE suffix) that appear in documentation; whitelisted so docs do not trip the scan.
allowed = AKIAIOSFODNN7EXAMPLE
allowed = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# GCP service-account JSON key fields.
patterns = private_key
patterns = client_email
patterns = private_key_id
# Kubernetes: secrets supplied inline on the command line.
patterns = (kubectl create secret).+(--from-literal)
# NOTE(review): the `( ... )*` groups are zero-or-more, so the next two patterns
# reduce to matching any `password:` / `password=`; broad by design or not, keep
# that in mind when triaging hits.
patterns = (kind: Secret)*(data:)*(password:)
patterns = (secretGenerator)*(literals:)*(password=)
# Terraform variable files commonly hold provider credentials.
patterns = terraform\\.tfvars
# Shell / database / REPL history and shell rc files, which often embed tokens.
patterns = (bash_|zsh_|mysql_|psql_|irb_)history
patterns = (bash|zsh)rc
# Dotfiles and credential stores. NOTE(review): `.?` is "any optional
# character", not an optional literal dot (`\\.?`); as written these match a
# superset of the intended names.
patterns = .?gitconfig
patterns = .?pgpass
patterns = .?htpasswd
patterns = .?aws/credentials
patterns = .?git-credentials
patterns = .?gem/credentials
# NOTE(review): `opvn` looks like a transposition of `ovpn` (OpenVPN profiles); as written it will not match `.ovpn` files.
patterns = opvn
# Rails secret token / schema, Django settings.
patterns = secret_token\\.rb
patterns = schema\\.rb
patterns = settings\\.py
# Password-manager databases (1Password agile keychain, KeePass).
patterns = agilekeychain
patterns = \\.kdb
patterns = \\.kdbx
# NOTE(review): unlike every other pattern here the backslashes in `\b` are not
# doubled, so after git-config unescaping this will not reach the regex engine
# as a word boundary; `\\bprivate_key.*\\b` is probably what was meant.
patterns = \bprivate_key.*\b
# HTTP Basic auth values of exactly 60 base64 characters on a line by themselves
# (shorter or longer credentials are not caught by this one).
patterns = ^(\"|')?Basic [A-Za-z0-9\\+=]{60}(\"|')?$
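#!/usr/bin/env bash
#
# Run `git secrets` with all arguments passed through, capturing its stdout and
# stderr in git-secrets-output.log in the current directory. Refuses to run as
# root.
#
# Usage: <this script> [git-secrets arguments...]
set -euo pipefail

readonly LOG_FILE="${PWD}/git-secrets-output.log"

# Check privileges before redirecting output, so the refusal is visible on the
# terminal instead of being written only into the log file.
if [[ "${EUID}" -eq 0 ]]; then
  printf '%s\n' "This script must not be run as root" >&2
  exit 1
fi

# Everything git-secrets prints lands in this file, including any matched
# lines it reports; the file sits in the working directory of the repository
# being scanned, so keep it out of version control.
exec 1>"${LOG_FILE}"
exec 2>&1

# "$@" keeps each argument intact; the bare $@ this replaces re-split them on
# whitespace.
git secrets "$@"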
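#!/usr/bin/env bash
#
# Install git-secrets from source into the user's workspace and configure it
# globally: register the AWS patterns and install the hooks into a git template
# directory so future `git clone` / `git init` pick them up.
#
# Environment (all optional):
#   WORKDIR          directory the git-secrets checkout lives in
#                    (default: ${HOME}/workspace)
#   GIT_SECRETS_REF  tag or commit to check out before `make install`; when
#                    empty the default branch head is built (default: empty)
set -euo pipefail

readonly RED=$'\033[0;31m'
readonly GREEN=$'\033[0;32m'
readonly YELLOW=$'\033[0;33m'
readonly NC=$'\033[0m' # No Color

readonly GIT_SECRETS_REPO='https://github.com/awslabs/git-secrets'
readonly TEMPLATE_DIR="${HOME}/.git-templates/git-secrets"

# Status-line helpers. die() reports on stderr and exits non-zero.
info() { printf '%s>%s %s\n' "${YELLOW}" "${NC}" "$*"; }
ok()   { printf '%s✔%s %s\n' "${GREEN}" "${NC}" "$*"; }
die()  { printf '%sx%s %s\n' "${RED}" "${NC}" "$*" >&2; exit 1; }

#######################################
# Clone and build git-secrets unless a checkout already exists.
# Arguments:
#   $1 - directory the clone should live in
#   $2 - ref to check out before building; empty means "whatever was cloned"
# Returns: 0 on success; exits via die() on any failed step
#######################################
install_git_secrets() {
  local repo_dir=$1
  local ref=$2
  # The original tested an undefined ${repo}, so it re-ran the clone on every
  # invocation; an existing checkout is now left untouched.
  if [[ -d "${repo_dir}" ]]; then
    return 0
  fi
  info "Installing git-secrets"
  git clone "${GIT_SECRETS_REPO}" "${repo_dir}" || die "git clone failed"
  # Building whatever the default branch points at today is an unpinned
  # dependency; set GIT_SECRETS_REF to a reviewed tag or commit to pin it.
  if [[ -n "${ref}" ]]; then
    git -C "${repo_dir}" checkout --quiet "${ref}" \
      || die "cannot check out ${ref}"
  fi
  make -C "${repo_dir}" install || die "make install failed"
  ok "Installed git-secrets"
}

main() {
  if [[ "${EUID}" -eq 0 ]]; then
    die "This script must not be run as root"
  fi

  local workdir=${WORKDIR:-${HOME}/workspace}
  local git_secrets_ref=${GIT_SECRETS_REF:-}
  mkdir -p -- "${workdir}" || die "cannot create ${workdir}"

  install_git_secrets "${workdir}/git-secrets" "${git_secrets_ref}"

  info "Register AWS git-secrets"
  git secrets --register-aws --global || die "registering AWS patterns failed"
  ok "AWS registered"

  info "Configure git-secrets hooks for git clone"
  git secrets --install -f "${TEMPLATE_DIR}" || die "installing hooks failed"
  git config --global init.templateDir "${TEMPLATE_DIR}" \
    || die "setting init.templateDir failed"
  ok "Global hooks registered"
  # git config --get-all secrets.patterns
  ok "DONE"
}

main "$@"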