Avoid leaking secrets in your GitLab repository

Apr 2, 2019 by Thibault Debatty | 2703 views


Shit happens! Chances are high that you or one of the developers in your team will one day commit a file containing secrets or private keys to a public Git repository...

The most important thing is to detect this quickly so you can take action immediately. Here comes gitleaks, a small tool that analyzes Git repositories for leaked secrets.

Once downloaded, you can use it from the command line to analyze a local or remote repository:

gitleaks -v -p /path/to/my/repo
gitleaks -v -p https://github.com/gitleakstest/gronit

And here is how to automate this in your GitLab CI pipeline (in .gitlab-ci.yml):

stages:
  - leaks
  - test

gitleaks:
  stage: leaks
  image:
    name: "zricethezav/gitleaks"
    entrypoint: [""]
  script:
    - gitleaks -v -c gitleaks.toml -p ./

If one of the commits produces a warning you should of course fix the problem: revoke or rotate the leaked secret, since removing it from the repository does not undo the exposure. Then, to remove the gitleaks warnings for commits that have already been dealt with, you can whitelist them in gitleaks.toml:

[whitelist]
# the leaks in these commits have been fixed...
commits = [
  "<sha-of-fixed-commit>"
]
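To make the two ideas above concrete (pattern-based scanning of the lines a commit adds, and a commit whitelist that silences findings that have already been handled), here is an added example in Python. It is not gitleaks' own code and not from the original post; the rules, the Commit type and the sample history are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed detection rules, in the spirit of the [[rules]] tables of a
# gitleaks.toml (not gitleaks' own rule set).
RULES = {
    "AWS access key": re.compile(r"AKIA[0-9A-Z]{16}"),
    "Private key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "Generic secret assignment": re.compile(
        r"(?i)(?:password|secret|api_key)\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}


@dataclass
class Commit:
    """Hypothetical stand-in for a parsed commit: its SHA and the '+' lines of its diff."""
    sha: str
    added_lines: list


def scan_commits(commits, whitelist_commits=(), rules=RULES):
    """Return (sha, rule_name, line) for every added line matching a rule.

    Commits listed in whitelist_commits are skipped entirely, mirroring the
    'commits' whitelist in gitleaks.toml: use it only after the leaked secret
    has been revoked or rotated, because the bytes remain in history."""
    findings = []
    skip = set(whitelist_commits)
    for c in commits:
        if c.sha in skip:
            continue
        for line in c.added_lines:
            for name, rx in rules.items():
                if rx.search(line):
                    findings.append((c.sha, name, line))
    return findings


# Constructed sample history (SHAs and contents are made up).
HISTORY = [
    Commit("a1b2c3", ['AWS_KEY = "AKIAABCDEFGHIJKLMNOP"']),   # the leak
    Commit("d4e5f6", ['AWS_KEY = os.environ["AWS_KEY"]']),     # the fix
    Commit("0a1b2c", ["-----BEGIN RSA PRIVATE KEY-----",
                      'password = "correct-horse-battery"']),
]

if __name__ == "__main__":
    for f in scan_commits(HISTORY):
        print("LEAK", *f)
    # After rotating the AWS key, whitelisting a1b2c3 silences only that commit.
    print(scan_commits(HISTORY, whitelist_commits=["a1b2c3"]))
```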