detect-secrets v1.2 releases: detecting and preventing secrets in code

detect-secrets

detect-secrets is an aptly named module for (surprise, surprise) detecting secrets within a code base.

However, unlike other similar packages that solely focus on finding secrets, this package is designed with the enterprise client in mind: providing a backward-compatible, systematic means of:

1. Preventing new secrets from entering the code base,
2. Detecting if such preventions are explicitly bypassed, and
3. Providing a checklist of secrets to roll, and migrate off to more secure storage.

This way, you create a separation of concern: accepting that there may currently be secrets hiding in your large repository (this is what we refer to as a baseline), but preventing this issue from getting any larger, without dealing with the potentially gargantuous effort of moving existing secrets away.

It does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any new secret has been committed. This way, it avoids the overhead of digging through all git history, as well as the need to scan the entire repository every time.

Changelog v1.2

📣 Release Highlights

• Continous integration github action added (#506)
• Release pipeline github action added (#513)

🎉 New Features

• New GitHub token plugin added (#465)
• New SendGrid plugin added (#463)
• More new ignored file extensions

🐛 Bugfixes

• Fixes catastrophic backtracking for indirect reference heuristic (#509)
• Fixes pre-commit hook secret equality checking causing updates to baseline with no real changes – only a timestamp update (#507)
• Fixes python 3.8 failing to load plugins on windows and macos (#505)
• Fixes yaml transformer inline dicitonary index out of bounds exceptions (#501)
• Fixes regex for slack url (#477)
• Fixes AttributeError: 'PotentialSecret' object has no attribute 'line_number' by safely falling back to 0 if line_number isn’t present. (#476)(#472)
• Fixes gibberish-detector current version
• Fixes filtering ordering in .secrets.baseline

🐍 Miscellaneous

• Updated README due hook failing to interpret filenames with spaces (#470)
• Add CI github action badge to README
• Development dependency bumps (#519)

Install & Use

Copyright 2017-2018 Yelp Inc.