git-secrets adds hooks to your Git repository that prevent you from committing secrets.
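# Walkthrough: block commits that match forbidden patterns with git-secrets,
# keeping the pattern list GPG-encrypted at rest.
# Run it step by step in a throwaway environment, e.g. "podman run --rm -ti debian".
# Strict mode (set -e) is deliberately not enabled: these commands are meant to
# be pasted into an interactive shell, and the final commit is expected to fail.

# Constructed sample identity: the page shows only an obfuscated
# "[email protected]" placeholder. Substitute your own test address.
key_uid='testy@example.com'
patterns_file="$HOME/.git-secrets.patterns.gpg"

apt-get update
apt-get -y install git make gpg

# Set GPG_TTY before the first gpg call so pinentry can prompt on this terminal.
GPG_TTY=$(tty)
export GPG_TTY

gpg --quick-generate-key "$key_uid"
git config --global user.email "$key_uid"
git config --global user.name "Testy McTestFace"

# Clone the GitHub repo "https://github.com/awslabs/git-secrets" and place the
# file "git-secrets" somewhere in ${PATH} ("make install" does this).
git clone https://github.com/awslabs/git-secrets.git
cd git-secrets || exit 1
make install

# Create a GPG-encrypted file that holds the forbidden patterns to check.
# The quoted delimiter ('EOF') keeps the shell from expanding anything in the
# list. Each line is a regular expression. Because the patterns are
# unanchored, the {20} rule already matches every run the {32} and {64} rules
# would match. It also matches ordinary long identifiers and commit hashes, so
# expect false positives and whitelist them with
# "git secrets --add --allowed <pattern>".
gpg --encrypt --recipient "$key_uid" <<'EOF' > "$patterns_file"
[a-zA-Z0-9]{20}
[a-zA-Z0-9]{32}
[a-zA-Z0-9]{64}
!!!supersecret!!!
EOF

# Install the git hooks in a repository.
# mktemp -d avoids a predictable directory name under /tmp.
# The hooks are installed into this one repository only. Other clones do not
# inherit them, and "git commit --no-verify" skips them, so treat this as a
# developer safety net and pair it with server-side or CI secret scanning.
demo_repo=$(mktemp -d) && cd "$demo_repo" || exit 1
git init
git secrets --install

# Use the patterns from the encrypted file.
# The provider command is stored in this repository's git config and runs on
# every scan, so the private key must be usable (passphrase cached in gpg-agent
# or entered at the prompt) whenever you commit.
git secrets --add-provider -- gpg --decrypt "$patterns_file"

# Try to commit a forbidden pattern and confirm that the hook really blocks it.
printf '%s\n' '!!!supersecret!!! I should not commit that....' > ./some.file
git add ./some.file
if git commit -m 'demo: this commit must be rejected by git-secrets'; then
  printf '%s\n' 'UNEXPECTED: commit succeeded - check the hooks and the provider' >&2
else
  printf '%s\n' 'OK: commit was rejected as expected'
fi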