This document explains how to use a pre-commit hook together with git-secrets to prevent committing sensitive information to a git repository. Once set up, simply running git commit
triggers a check of the staged (git-added) files.
The following dependencies or tools are required. On macOS, simply install both with brew install:
brew install pre-commit git-secrets
Then run the following in the current repo to install the hook:
pre-commit install
Add prohibited patterns to the current repo (the added patterns are stored in .git/config):
# pattern of the AccessKey (ak) value
git secrets --add 'LTAI[A-Za-z0-9]+'
git secrets --add '[aA][cC][cC][eE][sS][sS].?[iI][dD]\s*=\s*.+'
git secrets --add '[aA][cC][cC][eE][sS][sS].?[kK][eE][yY]\s*=\s*.+'
git secrets --add '[aA][cC][cC][eE][sS][sS].?[sS][eE][cC][rR][eE][tT]\s*=\s*.+'
A regular expression can also match false positives. For example, a single line of code that loads the access key from an external configuration file looks a lot like the [aA][cC][cC][eE][sS][sS].?[kK][eE][yY]\s*=\s*.+ pattern added above. You can register such lines as allowed false positives with the following command (repeat it once per line):
git secrets --add --allowed --literal 'code line'
or bypass the hook for a single one-time false positive (note that --no-verify skips every pre-commit hook, not just this check):
git commit --no-verify ...
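To show what the hook actually decides with the patterns and the allowed literal registered above, here is an added Python emulation of git-secrets' matching logic; it is not git-secrets' own code. A line is blocked when it matches any prohibited regex unless it also matches an allowed pattern, and a --literal allowed entry is a fixed string rather than a regex. The sample file contents, the LTAI value and the allowed line are constructed for this example, and the word-boundary behaviour of the underlying grep is not reproduced.

```python
import re

# Prohibited patterns, copied from the `git secrets --add` commands above.
PROHIBITED = [
    r"LTAI[A-Za-z0-9]+",
    r"[aA][cC][cC][eE][sS][sS].?[iI][dD]\s*=\s*.+",
    r"[aA][cC][cC][eE][sS][sS].?[kK][eE][yY]\s*=\s*.+",
    r"[aA][cC][cC][eE][sS][sS].?[sS][eE][cC][rR][eE][tT]\s*=\s*.+",
]

# A line registered with `git secrets --add --allowed --literal`; the text is
# a constructed example of a line that loads the key from a config file.
ALLOWED_LITERALS = [
    'access_key = config["access_key"]',
]

# Constructed sample of a file about to be committed. The LTAI value is a
# made-up placeholder, not a real credential.
SAMPLE = """\
# constructed sample file, not a real secret
access_key_id = LTAIexampleexample0001
AccessSecret = hunter2-constructed
access_key = config["access_key"]
timeout = 30
"""


def scan(text, prohibited=PROHIBITED, allowed_literals=ALLOWED_LITERALS):
    """Return (line_no, line, pattern) for each line that would block the commit.

    Mirrors git-secrets' two-stage logic: a line is flagged when it matches any
    prohibited regex, unless it also matches an allowed pattern. Allowed entries
    added with --literal are fixed strings, hence re.escape().
    """
    prohibited_re = [re.compile(p) for p in prohibited]
    allowed_re = [re.compile(re.escape(s)) for s in allowed_literals]
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hit = next((p for p in prohibited_re if p.search(line)), None)
        if hit is None:
            continue
        if any(a.search(line) for a in allowed_re):
            continue  # registered false positive, same effect as --allowed
        findings.append((line_no, line, hit.pattern))
    return findings


def commit_allowed(text, **kwargs):
    """True when no prohibited line remains, i.e. the hook would let the commit through."""
    return not scan(text, **kwargs)


if __name__ == "__main__":
    for line_no, line, pattern in scan(SAMPLE):
        print(f"line {line_no}: {line!r} matched {pattern}")
    print("commit allowed:", commit_allowed(SAMPLE))
```

Running it flags line 2 (the LTAI value) and line 3 (the AccessSecret assignment), while line 4 is let through only because its exact text is in the allowed list; pass allowed_literals=() to see it blocked again. This is also why the allowed entry should be the whole line: a shorter literal would silence more than the one false positive.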