secretlint: Pluggable linting tool to prevent committing credential
Secretlint
Secretlint is that Pluggable linting tool to prevent committing credentials.
Feature
- Scanner: Found credentials in a project and report these
- Project Friendly: Easy to set up your project and integrate CI services
- Pre-Commit Hook: Prevent committing credential files
- Pluggable: Allow creating custom rule and flexible configuration
- Documentation: Describe the reason that rule detect it as secret
Use Cases
Hide secrets in lint error message
Secretlint support --maskSecrets option that mask secrets in lint error message. It is useful that you want to hide secrets in CI logs.
Fix secrets
Secretlint can not fix the secrets automatically. However, It is useful that --format=mask-result mask the secrets of input file.
For example, you can mask the secrets of .zsh_history file and overwrite it.
Browser
Secretlint WebExtension works on your browser.
- Firefox: https://addons.mozilla.org/ja/firefox/addon/secretlint/
- Chrome: https://chrome.google.com/webstore/detail/secretlint/hidpojbnemkajlnibhmeilpgoddkjjkf
This web extension aim to founds credentials that are included in your request/response.
Secretlint WebExtension integrates to DevTools in Chrome/Firefox. This extension helps web developers to notice exposed credentials.
Rule Packages
Secretlint rules has been implemented as separated modules.
- @secretlint/secretlint-rule-npm
- @secretlint/secretlint-rule-aws
- @secretlint/secretlint-rule-gcp
- @secretlint/secretlint-rule-github
- @secretlint/secretlint-rule-privatekey
- @secretlint/secretlint-rule-basicauth
- @secretlint/secretlint-rule-slack
- @secretlint/secretlint-rule-sendgrid
- @secretlint/secretlint-rule-shopify
- @secretlint/secretlint-rule-openai
- @secretlint/secretlint-rule-secp256k1-privatekey
- @secretlint/secretlint-rule-no-k8s-kind-secret
- @secretlint/secretlint-rule-pattern
- @secretlint/secretlint-rule-no-homedir
- @secretlint/secretlint-rule-no-dotenv
Also, Secretlint provide rule preset that includes recommened rule set.
- @secretlint/secretlint-rule-preset-recommend
- Recommended rule set
Install & Use
Copyright (c) 2020 azu
