1 | 1 | # rust-secrets |
2 | 2 |
|
3 | | -Pre-commit hooks written in rust. A complete replacement of AWS git-secrets |
| 3 | +Pre-commit hooks that prevent credential leaks, written in rust. A replacement of AWS git-secrets that also has automated provider refreshing. Like `git-secrets`, it adds a regex file to your git config and uses it to scan for secrets when you `git commit`. With `git-find`, it can automatically pull changes to that file before scanning for secrets, ensuring that you have the most up to date regex secret file. |
| 4 | + |
| 5 | +This is really useful for: |
| 6 | + |
| 7 | +- teams that want to share a regex secret file (containing common server names, tokens, etc) |
| 8 | +- teams that update their regex file and need to automatically update their teammates pre-commit hooks |
| 9 | +- newbies that may forget to manually update their regex files |
4 | 10 |
|
5 | 11 | ## Install |
6 | 12 |
|
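Review bot: the new description promises that the hook pulls changes to the regex file before scanning, but says nothing about what happens when that pull fails (no network, auth error, bad remote): is the commit scanned against the last cached copy, or is it blocked? A sentence on that belongs here, because a silently skipped pull leaves a stale pattern set while the text still claims "the most up to date regex secret file". Minor style: `rust` should be `Rust`, "A replacement of AWS git-secrets" reads better as "A replacement for AWS git-secrets", and "teammates pre-commit hooks" needs the possessive ("teammates' pre-commit hooks").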
@@ -28,7 +34,43 @@ Run this in a PowerShell terminal. It will pull the `install.ps1` script from th |
28 | 34 | powershell -ExecutionPolicy ByPass -c "irm https://raw.githubusercontent.com/edenian-prince/rust-secrets/refs/heads/main/install.ps1 | iex" |
29 | 35 | ``` |
30 | 36 |
|
31 | | -## Details |
| 37 | +## Setup |
| 38 | + |
| 39 | +1. Once installed, run this (and then restart your shell if using PowerShell) |
| 40 | + |
| 41 | +```bash |
| 42 | +git find install |
| 43 | +``` |
| 44 | + |
| 45 | +2. Add a secret provider. Can be either a .txt file on your local machine or a raw.github.txt file from github |
| 46 | + |
| 47 | +```bash |
| 48 | +git find add-provider --path /full/path/to/secret.txt |
| 49 | +``` |
| 50 | + |
| 51 | +That's it! |
| 52 | + |
| 53 | + |
| 54 | +### Optional: |
| 55 | + |
| 56 | +#### Automatic git find add-provider |
| 57 | + |
| 58 | +If you want an automated github regex file, you must first clone the repo and then run |
| 59 | + |
| 60 | +```bash |
| 61 | +git find add-provider --path /full/path/to/git/clone/secret.txt |
| 62 | +``` |
| 63 | +This will prompt you and ask if you want the auto updates. Write Y and it will set it up for you. Whenever the pre-commit hook runs it will automatically pull from that repo so that your regex file is the most up to date. |
| 64 | + |
| 65 | +#### git find scan |
| 66 | + |
| 67 | +To scan the entire git history of a repo, run this within a git repo |
| 68 | + |
| 69 | +```bash |
| 70 | +git find scan |
| 71 | +``` |
| 72 | + |
| 73 | +## Further Details |
32 | 74 |
|
33 | 75 | AWS Git Secrets is great, but for users new to git, it is not great. My team wanted to have one centralized regex file that all team members could scan against for |
34 | 76 | their pre-commit hooks. AWS git secrets can do that no problem, but it has no way of automatically pulling any _changes_ to the centralized file. |
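Review bot: step 2 states a provider can be "a raw.github.txt file from github", but the only invocation shown is `git find add-provider --path /full/path/to/secret.txt` with a local path, and the "Automatic git find add-provider" subsection then says a GitHub-hosted file must be cloned first and `--path` pointed at the clone. Either show the URL form of `add-provider` or drop the raw-URL claim so the two sections agree. The auto-update paragraph should also state which remote and branch get pulled and what the hook does if that pull fails, since it runs on every `git commit`. Style: the `### Optional:` heading has a trailing colon, and step 1 could say what `git find install` installs, because "Once installed" already refers to the install script in the section above and the two "install" steps are easy to confuse.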
|