feat(justfile): add gitleaks secret scanning recipes

cameronraysmith · cameronraysmith · commit d9def2109013 · 2025-10-25T22:20:19.000-04:00
Add justfile recipes for running gitleaks secret scanning both on the
entire repository and on staged changes. These recipes provide convenient
local secret scanning capabilities.

- scan-secrets: scan entire repository for secrets
- scan-staged: scan only staged changes (matches pre-commit hook)
diff --git a/justfile b/justfile
@@ -377,6 +377,16 @@ test-release-all:
 
 ## Secrets
 
+# Scan repository for secrets
+[group('secrets')]
+scan-secrets:
+  gitleaks detect --verbose --redact
+
+# Scan staged changes for secrets (pre-commit)
+[group('secrets')]
+scan-staged:
+  gitleaks protect --staged --verbose --redact
+
 # Show existing secrets using sops
 [group('secrets')]
 show-secrets:
