Skip to content

Roblox/safe-push

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
git
git
 
 
gitleaks.toml
gitleaks.toml
 
 

Repository files navigation

Safe Push intercepts Git commands and scans commits for secrets.

Dependencies

Safe Push was designed to run only on arm64 macOS on versions >= Sequoia.

To use Safe Push, install Gitleaks.

Other dependencies:

  • Git
  • zsh
  • jq

How it works

Safe Push uses Gitleaks under the hood. Gitleaks runs a particular regex if any of its associated keywords are present.

How to use

  1. Place the files git and gitleaks.toml in whatever directory you want them to be in.
  2. At the end of your .zshrc or in .zlogin, prepend the directory to the PATH, e.g. export PATH=/foo/bar:$PATH.
  3. Optional: Add custom rules to gitleaks.toml.
  4. Optional: Set METRICS_URL in the git file to a Prometheus endpoint.
  5. Use Git as usual. If you commit a secret (with relevant keywords present), Safe Push should stop the commit with an error. For instance, Safe Push should stop a commit that contains the following:
AWS_KEY_ID="AKIAUBU3ALDOXX8DYGGZ"
AWS_SECRET_ACCESS_KEY="+S4n3m54u1P8t/S7BkQdoMZQNzSsLEn4VG0rZ5HF"

License

See LICENSE.

About

Public-facing repo for application that catches secrets in source control commits.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages