@DelfinSR DelfinSR commented Feb 5, 2025

A new functionality has been added to rosemary to search for secrets.

$ rosemary detect_secrets --help
Usage: rosemary detect_secrets [OPTIONS] [SPECIFIED_PATH]

  Runs detect-secrets to check if there are any plaintext secret in the source
  code. By default it only checks tracked files.

Options:
  --all_files        Scans all files.
  --baseline         Use baseline file
  --add_to_baseline  Adds all detected secrets to baseline file to don't show
                     them as secrets.
  --help             Show this message and exit.

This new functionality can be used to create a pre-commit hook that avoids committing secrets.

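#!/bin/bash
# Scan all files against the baseline; the report is discarded, only the exit status is used.
rosemary detect_secrets --all_files --baseline > /dev/null

# Exit status 1 blocks the commit.
if [ $? -eq 1 ]
then
    echo "You can't commit yet. You may be leaking secrets...run 'rosemary detect_secrets --all_files --add_to_baseline' before continuing"
    exit 1
fi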

A tutorial on how to use this new functionality can be found at this link (you have to scroll a little bit till this line)
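
The hook in the comment above blocks a commit only when the scan exits with status 1. The following is an added example, not code from this pull request or from the rosemary project: a fail-closed variant that also blocks when the scan cannot complete (command missing, crash). The function name `secrets_gate`, the return value 2 and the reading of other non-zero statuses as scan failures are assumptions made for this example.

```shell
#!/bin/bash
# Added example: fail-closed variant of the pre-commit hook shown on this page.
# Taken from the page's hook: exit status 1 blocks the commit.
# Assumption (not stated on the page): any other non-zero status means the
# scan itself failed, so the commit must not pass silently.

# secrets_gate CMD [ARGS...]
# Runs the scanner command and maps its exit status to a commit decision:
#   0 -> allow, 1 -> block (findings), anything else -> block (scan incomplete)
secrets_gate() {
    local status=0
    # Discard the scanner's report; only its exit status is used.
    "$@" > /dev/null 2>&1 || status=$?
    case "$status" in
        0)
            return 0
            ;;
        1)
            echo "Commit blocked: possible plaintext secrets detected." >&2
            echo "Review the findings with: $*" >&2
            return 1
            ;;
        *)
            echo "Commit blocked: secret scan did not complete (exit status $status)." >&2
            return 2
            ;;
    esac
}

# Run the gate only when this file is installed as .git/hooks/pre-commit.
if [ "${0##*/}" = "pre-commit" ]; then
    secrets_gate rosemary detect_secrets --all_files --baseline
    exit $?
fi
```

Saved as `.git/hooks/pre-commit` and made executable, a missing or failing `rosemary` now stops the commit instead of letting it through unscanned.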
