From fedebdf6ec8fb565d1050612af5af9847af8786a Mon Sep 17 00:00:00 2001
From: Elaine Krauss
Date: Wed, 25 Mar 2026 16:04:03 -0400
Subject: [PATCH 1/2] Adds _key to the list of items that git secrets is flagging, and ensures that the git secrets install script can be re-run
---
 install-git-secrets-hook.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/install-git-secrets-hook.sh b/install-git-secrets-hook.sh
index 155d989504..12838e734a 100755
--- a/install-git-secrets-hook.sh
+++ b/install-git-secrets-hook.sh
@@ -29,19 +29,19 @@ GLOBAL_TOKEN=
 if [ "$1" == "--local" ] || [ "$1" == "-l" ]; then
 # Install only to the fecfile-web-api repo.
- git secrets --install
+ git secrets --install -f
 else
 # Install globally by modifying the ~/.gitconfig file and creating
 # the ~/.git-support/hooks directory.
- git secrets --install ${HOME}/.git-support
+ git secrets --install -f ${HOME}/.git-support
 git config --global core.hooksPath ${HOME}/.git-support/hooks
 GLOBAL_TOKEN="--global"
 fi
 git secrets --register-aws $GLOBAL_TOKEN
 # Add general custom rules
-git secrets --add $GLOBAL_TOKEN '(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|password|guid|hostname|pw).*[=:][^(?=|>|.*=>|.*>$)]'
-git secrets --add $GLOBAL_TOKEN '(DBPASSWD|DBUSER|DBNAME|DBHOST|API_KEY|APIKEY|PASSWORD|GUID|HOSTNAME|PW).*[=:][^(?=|>|.*=>|.*>$)]'
+git secrets --add $GLOBAL_TOKEN '(dbpasswd|dbuser|dbname|dbhost|_key|api_key|apikey|password|guid|hostname|pw).*[=:][^(?=|>|.*=>|.*>$)]'
+git secrets --add $GLOBAL_TOKEN '(DBPASSWD|DBUSER|DBNAME|DBHOST|_KEY|API_KEY|APIKEY|PASSWORD|GUID|HOSTNAME|PW).*[=:][^(?=|>|.*=>|.*>$)]'
 git secrets --add $GLOBAL_TOKEN '(user|auth|USER|AUTH)\s*[=:][^(?=|>|.*=>|.*>$)]'
 git secrets --add $GLOBAL_TOKEN '(aws_access_key_id|aws_secret_access_key)\s*[=:]\s*['"'"'0-9a-zA-Z\/+]{20,42}'
 git secrets --add $GLOBAL_TOKEN '(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)\s*[=:]\s*['"'"'0-9a-zA-Z\/+]{20,42}'
From 5ba6ba6f66b5080c7b655dacb871090a09b41e40 Mon Sep 17 00:00:00 2001
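Review bot: Both `git secrets --install -f` calls now overwrite existing hook files without any notice. On the `--local` branch that replaces whatever the developer already has in the repository's hooks directory, and on the global branch whatever already sits in `${HOME}/.git-support/hooks`, so other pre-commit checks can disappear on a re-run. A comment above each call would make that explicit, for example `# -f: overwrite hooks from a previous install so the script can be re-run; any other hook with the same name is replaced`. The global call also passes the path unquoted, so a home directory containing whitespace would be word-split; `git secrets --install -f "${HOME}/.git-support"` avoids that, and the `git config --global core.hooksPath` line below it needs the same quoting.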
From: Elaine Krauss <104506225+Elaine-Krauss-TCG@users.noreply.github.com>
Date: Thu, 26 Mar 2026 09:57:26 -0400
Subject: [PATCH 2/2] Update install-git-secrets-hook.sh Removes a redundant token
---
 install-git-secrets-hook.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/install-git-secrets-hook.sh b/install-git-secrets-hook.sh
index 12838e734a..3fe1a83d56 100755
--- a/install-git-secrets-hook.sh
+++ b/install-git-secrets-hook.sh
@@ -40,8 +40,8 @@ fi
 git secrets --register-aws $GLOBAL_TOKEN
 # Add general custom rules
-git secrets --add $GLOBAL_TOKEN '(dbpasswd|dbuser|dbname|dbhost|_key|api_key|apikey|password|guid|hostname|pw).*[=:][^(?=|>|.*=>|.*>$)]'
-git secrets --add $GLOBAL_TOKEN '(DBPASSWD|DBUSER|DBNAME|DBHOST|_KEY|API_KEY|APIKEY|PASSWORD|GUID|HOSTNAME|PW).*[=:][^(?=|>|.*=>|.*>$)]'
+git secrets --add $GLOBAL_TOKEN '(dbpasswd|dbuser|dbname|dbhost|_key|apikey|password|guid|hostname|pw).*[=:][^(?=|>|.*=>|.*>$)]'
+git secrets --add $GLOBAL_TOKEN '(DBPASSWD|DBUSER|DBNAME|DBHOST|_KEY|APIKEY|PASSWORD|GUID|HOSTNAME|PW).*[=:][^(?=|>|.*=>|.*>$)]'
 git secrets --add $GLOBAL_TOKEN '(user|auth|USER|AUTH)\s*[=:][^(?=|>|.*=>|.*>$)]'
 git secrets --add $GLOBAL_TOKEN '(aws_access_key_id|aws_secret_access_key)\s*[=:]\s*['"'"'0-9a-zA-Z\/+]{20,42}'
 git secrets --add $GLOBAL_TOKEN '(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)\s*[=:]\s*['"'"'0-9a-zA-Z\/+]{20,42}'
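Review bot: The bare `_key` / `_KEY` alternative on the two rewritten `--add` lines (introduced in the first patch of this series) matches any line where `_key` is followed later by `=` or `:`. That includes ordinary non-secret names such as `primary_key=` or `cache_key:`, and a hook that blocks routine commits tends to get skipped rather than obeyed. Registering the known-safe cases alongside it would help, for example `git secrets --add --allowed $GLOBAL_TOKEN '<project-specific safe pattern>'`, as would narrowing the alternative to the key names that actually carry secrets. A short comment above the rules, such as `# _key also covers api_key, secret_key, ...`, would keep the dropped `api_key` token from being re-added later. Patterns already registered by an earlier run of the script presumably stay in the git config, since the script only ever adds.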