add gitleaks (nashtech-garage#985)

* add gitleaks

.github/workflows/nightly-check.yaml

@@ -0,0 +1,12 @@
+name: // At the end of every day
+on:
+  schedule:
+    - cron: "0 0 * * *"
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Gitleaks check
+        run: |
+          docker pull zricethezav/gitleaks:v8.18.4
+          docker run --rm -v ${{ github.workspace }}:/work -w /work zricethezav/gitleaks:v8.18.4 detect --source="." --config="/work/gitleaks.toml" --verbose --no-git

.gitleaksignore

@@ -0,0 +1,9 @@
+k8s/charts/yas-configuration/values.yaml:generic-api-key:7
+k8s/charts/yas-configuration/values.yaml:generic-api-key:9
+k8s/deploy/cluster-config.yaml:generic-api-key:13
+k8s/deploy/README.md:generic-api-key:80
+k8s/deploy/README.md:generic-api-key:97
+k8s/deploy/README.md:generic-api-key:99
+payment/src/main/resources/db/changelog/data/changelog-0001-provider.sql:generic-api-key:5
+payment/src/main/resources/db/changelog/data/changelog-0001-provider.sql:generic-api-key:5
+payment/src/main/resources/db/changelog/data/changelog-0001-provider.sql:generic-api-key:5

backoffice-bff/src/main/resources/application.yaml

@@ -18,7 +18,7 @@ spring:
           api-client:
             provider: keycloak
             client-id: backoffice-bff
-            client-secret: TVacLC0cQ8tiiEKiTVerTb2YvwQ1TRJF
+            client-secret: TVacLC0cQ8tiiEKiTVerTb2YvwQ1TRJF #gitleaks:allow
             scope: openid, profile, email, roles
 management:
   tracing:

customer/src/it/resources/application.properties

@@ -11,7 +11,7 @@ spring.profiles.active=test
 keycloak.auth-server-url=http://identity
 keycloak.realm=Yas
 keycloak.resource=customer-management
-keycloak.credentials.secret=NKAr3rnjwm9jlakgKpelukZGFaHYqIWE
+keycloak.credentials.secret=NKAr3rnjwm9jlakgKpelukZGFaHYqIWE #gitleaks:allow
 
 spring.security.oauth2.resourceserver.jwt.issuer-uri=test
 springdoc.oauthflow.authorization-url=test

customer/src/main/resources/application.properties

@@ -31,7 +31,7 @@ spring.liquibase.enabled=true
 keycloak.auth-server-url=http://identity
 keycloak.realm=Yas
 keycloak.resource=customer-management
-keycloak.credentials.secret=NKAr3rnjwm9jlakgKpelukZGFaHYqIWE
+keycloak.credentials.secret=NKAr3rnjwm9jlakgKpelukZGFaHYqIWE #gitleaks:allow
 
 # swagger-ui custom path
 springdoc.swagger-ui.path=/swagger-ui

gitleaks.toml

@@ -0,0 +1,24 @@
+# Title for the gitleaks configuration file.
+title = "Gitleaks title"
+
+# Extend the base (this) configuration. When you extend a configuration
+# the base rules take precedence over the extended rules. I.e., if there are
+# duplicate rules in both the base configuration and the extended configuration
+# the base rules will override the extended rules.
+# Another thing to know with extending configurations is you can chain together
+# multiple configuration files to a depth of 2. Allowlist arrays are appended
+# and can contain duplicates.
+# useDefault and path can NOT be used at the same time. Choose one.
+[extend]
+# useDefault will extend the base configuration with the default gitleaks config:
+# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
+useDefault = true
+
+[allowlist]
+description = "global allow list"
+paths = [
+  '''test-realm.json''',
+  '''realm-export''',
+  '''keycloak-yas-realm-import.yaml''',
+  '''target'''
+]

storefront-bff/src/main/resources/application.yaml

@@ -18,7 +18,7 @@ spring:
           keycloak:
             provider: keycloak
             client-id: storefront-bff
-            client-secret: ZrU9I0q2uXBglBnmvyJdkl1lf0ncr8tn
+            client-secret: ZrU9I0q2uXBglBnmvyJdkl1lf0ncr8tn #gitleaks:allow
             scope: openid, profile, email, roles
 management:
   metrics: