next-secrets
This is like AWS's git-secrets but better.
npm install --save-dev @financial-times/next-secrets pre-git
Ensure the following is in package.json:

    "config": {
      "pre-git": {
        "pre-commit": [
          "node_modules/.bin/next-secrets"
        ]
      }
    }

That's it. From this point on, you can't commit any code that breaks the rules.
$ git commit
running bin/pre-commit.js script
executing task "next-secrets"
server/search.js:5:fetch(url, { headers: { x-api-key: 'a69c65f3-0db7...' } })
DENIED FILES
.env
DENIED STRINGS
file: server/search.js
line number: 5
full line: fetch(url, { headers: { x-api-key: 'a69c65f3-0db7...' } })
deny match: a69c65f3-0db7...
deny rule: [a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}
*** WARNING!!!! ***
Resolve the above. For any potential secrets found, remove them from the code, whitelist them in project\'s secrets.js (strings only), or by tweaking the rules https://github.com/Financial-Times/next-secrets/blob/master/rules.js (strings and files)
Please see also https://github.com/Financial-Times/next-secrets/blob/master/SOLUTIONS.md for possible solutions
We are removing the files from the commit if added
Any problems, please contact the Next Platform team (#ft-next-platform)
*******************
pre-commit You've failed to pass all the hooks.
You cannot. Facepalm.
What code's not allowed?
The rules (https://github.com/Financial-Times/next-secrets/blob/master/rules.js) say what's allowed and what's not. See also the tests. Want changes? Please consult the Next Platform team.
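
A minimal sketch of the kind of check the hook output above reports, added here as an illustration and not taken from next-secrets: it applies the deny rule shown in that output to staged file contents and skips whitelisted literal strings. The function name, the `.env` file pattern, the whitelist shape and the sample files are assumptions constructed for this example.

```javascript
// Added illustration, not next-secrets' own code.
// The string deny rule is copied from the hook output above.
const DENY_STRINGS = [/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}/g];
// Assumed pattern for the ".env" entry listed under DENIED FILES.
const DENY_FILES = [/(^|\/)\.env$/];

// files: { path: contents } of the staged files.
// allow: whitelisted literal strings (assumed shape of a project whitelist).
function scanStaged(files, allow = []) {
  const deniedFiles = [];
  const deniedStrings = [];
  for (const [file, contents] of Object.entries(files)) {
    if (DENY_FILES.some((rule) => rule.test(file))) {
      deniedFiles.push(file);
      continue; // the whole file is rejected, so its lines are not scanned
    }
    contents.split('\n').forEach((fullLine, index) => {
      for (const rule of DENY_STRINGS) {
        for (const match of fullLine.matchAll(rule)) {
          if (allow.includes(match[0])) continue; // explicitly whitelisted
          deniedStrings.push({
            file, lineNumber: index + 1, fullLine,
            denyMatch: match[0], denyRule: rule.source,
          });
        }
      }
    });
  }
  const ok = deniedFiles.length === 0 && deniedStrings.length === 0;
  return { ok, deniedFiles, deniedStrings };
}

// Constructed sample input: none of these values are real credentials.
const SAMPLE_STAGED = {
  '.env': 'API_KEY=not-a-real-key',
  'server/search.js': [
    "const url = 'https://example.invalid/search';",
    "fetch(url, { headers: { 'x-api-key': '00000000-1111-2222-3333-444444444444' } });",
    "const TRACE_ID = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'; // not a secret",
  ].join('\n'),
};
const SAMPLE_ALLOW = ['aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'];

console.log(JSON.stringify(scanStaged(SAMPLE_STAGED, SAMPLE_ALLOW), null, 2));
```

A hook built on this would exit non-zero whenever `ok` is false, which is what blocks the commit.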
Solutions to common issues
Please see SOLUTIONS.md (https://github.com/Financial-Times/next-secrets/blob/master/SOLUTIONS.md) for ideas. This has the added bonus that it usually improves the code's quality and security. Win-win. :-)