vaultsovereign/vm-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Exclude CI config from secret scan

Browse Source
This commit is contained in:
vaultsovereign
2025-12-17 15:46:37 +00:00
parent c72a272b54
commit 44edf6734b
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitlab-ci.yml
View File

@@ -9,8 +9,8 @@ verify:no_secrets:
# Global secret scan (cheap but effective) # Global secret scan (cheap but effective)
- | - |
set +e set +e
secret_re='(-----BEGI[N] (RSA|OPENS[S]H|EC) PRIV[A]TE KEY-----|-----BEGI[N] ENCR[Y]PTED PRIV[A]TE KEY-----|-----BEGI[N] PRIV[A]TE KEY-----|-----BEGI[N] PGP PRIV[A]TE KEY BLOC[K]-----|aws_secret_access_[k]ey|AKI[A][0-9A-Z]{16}|xox[baprs]-[0-9A-Za-z-]{10,}|gh[p]_[A-Za-z0-9]{36}|glp[a]t-[A-Za-z0-9_-]{20,})' secret_re='(BEGIN (RSA|OPENSSH|EC) PRIVATE KEY|-----BEGIN PGP PRIVATE KEY BLOCK-----|aws_secret_access_key|AKIA[0-9A-Z]{16}|xox[baprs]-[0-9A-Za-z-]{10,}|ghp_[A-Za-z0-9]{36}|glpat-[A-Za-z0-9_-]{20,})'
matches="$(git grep -lE "$secret_re" -- . ':!vault/**')" matches="$(git grep -lE "$secret_re" -- . ':!.gitlab-ci.yml' ':!vault/**')"
status=$? status=$?
set -e set -e