
lirantal / detect-secrets

Licence: Apache-2.0 license
A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets

detect-secrets

A developer-friendly secrets detection tool for CI and pre-commit hooks

About

The detect-secrets npm package is a Node.js-based wrapper for Yelp's detect-secrets tool that aims to provide an accessible and developer-friendly method of introducing secrets detection in pre-commit hooks.

Yelp's detect-secrets is written in Python and developers must install it explicitly. Moreover, installing it can be challenging on some operating systems. The detect-secrets wrapper aims to alleviate this with the following fallback strategy:

  1. Attempt to locate Yelp's detect-secrets tool and, if it exists in the path, execute it.
  2. If that fails, attempt to locate the docker binary and, if it exists, download and execute the docker container for lirantal/detect-secrets, which has Yelp's detect-secrets inside the image.
  3. If this fails as well, exit with a warning message.

This fallback strategy finds an available method of executing the detect-secrets tool, to protect the developer from leaking secrets into source code control.
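The fallback order described above, sketched as an added example (this is not the package's own source). It assumes the native tool is found under the name of Yelp's hook executable, detect-secrets-hook, and that the container sees the repository through a bind mount at /usr/src/app; the function names and the failClosed option are hypothetical.

```javascript
const fs = require('fs');
const path = require('path');
const { spawnSync } = require('child_process');

// True when `file` is a regular file the current user may execute.
function isExecutableFile(file) {
  try {
    fs.accessSync(file, fs.constants.X_OK);
    return fs.statSync(file).isFile();
  } catch {
    return false;
  }
}

// Walk PATH in order and return the first match for `name`, or null.
function findOnPath(name, pathEnv, isExec = isExecutableFile) {
  const exts = process.platform === 'win32' ? ['', '.exe', '.cmd'] : [''];
  for (const dir of (pathEnv || '').split(path.delimiter).filter(Boolean)) {
    for (const ext of exts) {
      const candidate = path.join(dir, name + ext);
      if (isExec(candidate)) return candidate;
    }
  }
  return null;
}

// Apply the README's order: native tool, then Docker, then give up with a warning.
function resolveStrategy(args, pathEnv = process.env.PATH, isExec = isExecutableFile) {
  const native = findOnPath('detect-secrets-hook', pathEnv, isExec); // assumed binary name
  if (native) return { kind: 'native', command: native, args };
  const docker = findOnPath('docker', pathEnv, isExec);
  if (docker) {
    // Assumed invocation: the repository is mounted at /usr/src/app in the container.
    const mount = `${process.cwd()}:/usr/src/app`;
    return { kind: 'docker', command: docker,
      args: ['run', '--rm', '-v', mount, 'lirantal/detect-secrets', ...args] };
  }
  return { kind: 'none', warning: 'detect-secrets: no native tool or docker found; files were NOT scanned' };
}

// Run the chosen strategy and return the exit status for the hook.
// failClosed is this example's policy knob; the README only says "exit with a warning".
function launch(strategy, { failClosed = false } = {}) {
  if (strategy.kind === 'none') {
    console.warn(strategy.warning);
    return failClosed ? 1 : 0;
  }
  // Argument array, no shell: file names from git are never shell-interpreted.
  const result = spawnSync(strategy.command, strategy.args, { stdio: 'inherit' });
  return result.status === null ? 1 : result.status;
}
```

When neither executable is available the files are not scanned, so a team that treats the hook as a gate would call launch with failClosed set to true.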

Install

npm install --save detect-secrets

This exposes the detect-secrets-launcher Node.js executable.

Another way to invoke it is with npx which will download and execute the detect-secrets wrapper on the fly:

npx detect-secrets [arguments]

Usage

If you're using husky to manage pre-commit hooks configuration, then enabling secrets detection is as simple as adding another hook entry.

"husky": {
  "hooks": {
    "pre-commit": "detect-secrets-launcher src/*"
  }
}

If you're using husky and lint-staged to manage pre-commit hooks configuration and running static code analysis on staged files, then enabling secrets detection is as simple as adding another lint-staged entry.

A typical setup looks like this:

"husky": {
  "hooks": {
    "pre-commit": "lint-staged"
  }
},
"lint-staged": {
  "linters": {
    "**/*.js": [
      "detect-secrets-launcher --baseline .secrets-baseline"
    ]
  }
}

If you're not using a baseline file (it is created using Yelp's server-side detect-secrets tool), you can simply omit the --baseline option and keep the entry as simple as detect-secrets-launcher.

Example

To scan the index.js file within a repository for potentially leaked secrets, run the following:

detect-secrets-launcher index.js

Note that index.js has to be staged and under version control. Any other plain file that is not known to git will not be scanned.

Contributing

Please consult CONTRIBUTING for guidelines on contributing to this project.

Author

detect-secrets © Liran Tal, Released under the Apache-2.0 License.
