Apr 2, 2019 by Thibault | 1804 views
https://cylab.be/blog/20/avoid-leaking-secrets-in-your-gitlab-repository
Shit happens! Chances are great that you or one of the developers in your team will one day commit a file containing secrets or private keys to a public GIT repository...
Most important thing: detect this quickly so you can take action immediately. Here comes gitleaks, a small tool that analyzes GIT repositories for leaked secrets.
Once downloaded, you can use it from the command line to analyze a local or remote repository:
gitleaks -v --repo-path=/path/to/my/repo
gitleaks -v --repo=https://github.com/gitleakstest/gronit
And here is how to automate this this in your GitLab tests (in .gitlab-ci.yml):
stages:
- leaks
- test
leaks:gitleaks:
stage: leaks
image:
name: "zricethezav/gitleaks"
entrypoint: [""]
script:
- gitleaks -v --repo-path=./ --config=gitleaks.toml
If one of the commits produces a warning you should of course fix the problem. Then, to remove gitleaks warnings, you can either:
# the leaks in these commits have been fixed...
[whitelist]
commits = [
"213c603d16c07d8b7252b62b694104e7e01c1f59",
"444f28d5437ad3127702bf1b0779ae6cd00ab146",
]