My git-secrets does not appear to detect anything and I am not finding why. Here are the steps I've taken to set it up.
brew install git-secrets
git secrets --register-aws --global
git config --global init.templateDir ~/.git-templates/git-secrets
git config --global alias.clone-secrets '!git clone "$1" && cd "$(basename "$1" .git)" && git secrets --install && git secrets --register-aws'
git secrets --install ~/.git-templates/git-secrets
Then I perform the following test
mkdir test-secrets && cd test-secrets
git init
echo "AWS_ACCESS_KEY_ID=AKIA1234567890EXAMPLE" > data.txt
git add data.txt
git commit -m "Test commit with secret"
Here is the output of the test
$ mkdir test-secrets && cd test-secrets
git init
echo "AWS_ACCESS_KEY_ID=AKIA1234567890EXAMPLE" > data.txt
git add data.txt
git commit -m "Test commit with secret"
Initialized empty Git repository in /Users/XXXXX/Documents/Projects/test-secrets/.git/
[master (root-commit) bb9cba6] Test commit with secret
Committer: XXXXXX <[email protected]>
1 file changed, 1 insertion(+)
create mode 100644 data.txt
The commit goes through just fine and no warning is raised. If I enter the directory and run git secrets --list
the following is returned
secrets.providers git secrets --aws-provider
secrets.patterns (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
secrets.patterns ("|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)("|')?\s*(:|=>|=)\s*("|')?[A-Za-z0-9/\+=]{40}("|')?
secrets.patterns ("|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?("|')?\s*(:|=>|=)\s*("|')?[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}("|')?
secrets.allowed AKIAIOSFODNN7EXAMPLE
secrets.allowed wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
I have also verified the existence of the .git/hooks/pre-commit in the same directory.
#!/usr/bin/env bash
git secrets --pre_commit_hook -- "$@"
If I target the data.txt in my test manually with the git secrets --scan data.txt
there is no output either, indicating it does not find any secret within the file.
Much appreciated for your assistance on this matter. My guess is there's something wrong with my installed secrets and they do not properly match my tests.
Update: It appears my secrets were correct but my test key was wrong: the pattern ends in a {16} suffix and my test key's suffix was 17 characters long. I am wondering if the added secrets can be improved or replaced to make them more robust?
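The behaviour described in the question and the update can be reproduced outside git. git-secrets runs git grep with the -w (whole-word) option, so the registered pattern AKIA[A-Z0-9]{16} must match a complete word: a key ID with a 17-character suffix is not matched at all, and any line that matches an entry in secrets.allowed is dropped. The following is an added example (not part of the question or of git-secrets itself) that emulates those two steps with Python's re module; the sample lines, the third key ID and the scan_lines function are constructed for the demonstration, and the first pattern and the allowed values are copied from the git secrets --list output above.

```python
import re

# The AWS access-key-ID pattern exactly as listed by `git secrets --list`.
AWS_KEY_ID_PATTERN = r"(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"

# Allow-list entries registered by `git secrets --register-aws`; git-secrets
# discards any matching line that also matches one of these.
ALLOWED = (
    "AKIAIOSFODNN7EXAMPLE",
    "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
)

# git-secrets scans with `git grep -w`, i.e. the hit must be a whole word.
# \b emulates that (letters, digits and '_' are word characters in both).
WORD_BOUNDED = re.compile(r"\b(?:" + AWS_KEY_ID_PATTERN + r")\b")
# Same pattern without the whole-word requirement, to show why it matters.
UNBOUNDED = re.compile(AWS_KEY_ID_PATTERN)

# Constructed sample input (not real credentials).
SAMPLE = [
    "AWS_ACCESS_KEY_ID=AKIA1234567890EXAMPLE",  # from the question: 17-char suffix
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",   # AWS docs example key: allow-listed
    'key = "AKIAABCDEFGHIJKLMNOP"',             # constructed 20-char key ID
    "nothing to see here",
]


def scan_lines(lines, whole_word=True, allowed=ALLOWED):
    """Emulate `git secrets --scan` on a list of lines.

    Returns (line_number, matched_text) for every line that matches the
    key-ID pattern and does not match any allow-list entry.
    """
    pattern = WORD_BOUNDED if whole_word else UNBOUNDED
    hits = []
    for number, line in enumerate(lines, start=1):
        match = pattern.search(line)
        if match is None:
            continue
        # Allow-list entries are regular expressions, as in git-secrets.
        if any(re.search(entry, line) for entry in allowed):
            continue
        hits.append((number, match.group(0)))
    return hits


if __name__ == "__main__":
    print("whole-word (git-secrets behaviour):", scan_lines(SAMPLE))
    print("without -w:", scan_lines(SAMPLE, whole_word=False))
    print("without allow-list:", scan_lines(SAMPLE, allowed=()))
```

With whole-word matching only the constructed 20-character key on line 3 is reported: the 17-character suffix on line 1 never forms a whole word, and line 2 is removed by the allow-list. Dropping the whole-word requirement would report line 1 as a truncated 20-character match, which shows the pattern itself is fine; real AWS access key IDs are 20 characters long, so the right fix is to test with a correctly sized key rather than to loosen the pattern.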