4

Yelp detect secrets is a system that prevents secrets from entering your code base. I would like to install the pre-commit hook it provides.

I've never used Git hooks before, but all the example files I see in .git/hooks/ are in bash, while the example given in the readme of yelp is a yaml file.

They link to the pre-commit.com; "a framework for managing and maintaining multi-language pre-commit hooks".

Does this mean the yelp pre-commit hook can only be used by first installing the pre-commit framework?

If so, I'm kind of lost in the usage of pre-commit. I've installed it and I can call it. So in an existing repo I've run pre-commit install. But how can I now add the yelp detect secrets pre commit hook?

Of course I've looked over the documentation on pre-commit.com, but I'm kind of lost in it.

halfer
kramer65
  • What actually is your question? A `pre-commit` hook is basically arbitrary code that runs before the commit is executed... – Idemax Nov 13 '19 at 16:53

1 Answer

9

to use pre-commit you'll set up a .pre-commit-config.yaml which includes the tools you'd like to use (such as whitespace fixers, linters, black, flake8, etc.)

detect-secrets also provides a hook using this mechanism and you can include it using the snippet they provide:

# .pre-commit-config.yaml (repository root); hook entries go under the top-level repos: key
repos:
-   repo: https://github.com/Yelp/detect-secrets
    rev: v0.13.0
    hooks:
    -   id: detect-secrets
        args: ['--baseline', '.secrets.baseline']
        exclude: .*/tests/.*

(note: I edited the snippet to use https clone urls which are much more portable)

there are also more standard tools for handling this such as bandit (which also has pre-commit integration) if you find detect-secrets to be difficult to work with

(disclaimer: I'm the author of pre-commit)

anthony sottile
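The whole procedure the question asks about, from an empty configuration to an installed hook, as an added example that is not part of the answer or of either project. The function names `write_config` and `add_detect_secrets_hook` are hypothetical, and the script assumes `pre-commit` and `detect-secrets` are already installed and on `PATH`.

```shell
#!/usr/bin/env bash
# Added example: wire the detect-secrets hook into a repo that uses pre-commit.
# Assumption: pre-commit and detect-secrets are installed (for example via pip).

# Write .pre-commit-config.yaml unless one exists, so an existing
# team configuration is never overwritten.
write_config() {
    repo_dir=$1
    cfg="$repo_dir/.pre-commit-config.yaml"
    if [ -e "$cfg" ]; then
        echo "exists: $cfg (add the detect-secrets entry under repos: by hand)" >&2
        return 1
    fi
    cat > "$cfg" <<'EOF'
repos:
-   repo: https://github.com/Yelp/detect-secrets
    rev: v0.13.0
    hooks:
    -   id: detect-secrets
        args: ['--baseline', '.secrets.baseline']
        exclude: .*/tests/.*
EOF
}

# Full procedure: config, baseline, git hook, first scan.
add_detect_secrets_hook() {
    repo_dir=$1
    write_config "$repo_dir" || true
    (
        cd "$repo_dir" || exit 1
        # The hook is passed this file via --baseline; create it once and commit it.
        [ -e .secrets.baseline ] || detect-secrets scan > .secrets.baseline
        # Writes .git/hooks/pre-commit, the script git itself runs on `git commit`.
        pre-commit install
        # Run every configured hook over the files already in the repo.
        pre-commit run --all-files
    )
}

# Usage: add_detect_secrets_hook /path/to/your/repo
```

The YAML file only tells the framework which hooks to fetch and run; the script that `pre-commit install` places in `.git/hooks/` is what git executes, which is why the two look so different.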