.gitleaks.toml
# Gitleaks Configuration
# Allowlist for test scripts that demonstrate fetching credentials from Vault
# These scripts do not contain hardcoded secrets - they show proper secret management
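title = "DevStack Core Gitleaks Configuration"

# This file defines no [[rules]] of its own. A custom config replaces the
# built-in ruleset unless it is extended explicitly, so without this table the
# scan has no detection rules to run and passes trivially.
[extend]
useDefault = true

[allowlist]
description = "Allowlist for test scripts and documentation"
# Test scripts that fetch credentials from Vault dynamically.
# Every finding in these files is suppressed, so a secret pasted into one of
# them will not be reported; review them by hand when they change.
# Patterns are end-anchored so that copies such as "*.sh.bak" are still scanned.
paths = [
    '''tests/test-redis-failover\.sh$''',
    '''tests/test-approle-security\.sh$''',
    '''tests/test-tls-connections\.sh$''',
]
# Documentation and examples that reference Vault paths.
# NOTE(review): allowlist regexes are applied to the extracted secret unless
# regexTarget selects the match or the line; confirm on the gitleaks version
# in use that these patterns suppress what they are meant to and nothing more.
regexes = [
    # Vault path references (not actual secrets)
    '''vault kv get''',
    '''secret/redis-1''',
    '''secret/postgres''',
    '''secret/mysql''',
    # Redis CLI password parameter examples (not actual passwords)
    '''-a \$\{?REDIS_PASSWORD\}?''',
    '''-a "\$REDIS_PASSWORD"''',
    # Vault token environment variable references (not actual tokens)
    '''VAULT_TOKEN=\$\(cat''',
    # Dot escaped so it matches the literal ".config" directory only.
    '''~/\.config/vault/root-token''',
]
# Example passwords in test documentation (not real credentials).
# NOTE(review): a finding is dropped when its secret contains any stopword.
# "example", "test" and "password" are generic substrings and can hide a real
# credential that happens to contain them; prefer the exact placeholder values
# used in the docs and remove the generic entries once those are listed.
stopwords = [
    "example",
    "test",
    "password",
    "REDIS_PASSWORD",
    "VAULT_TOKEN",
]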