secretlint is a pluggable linting tool that prevents you from committing credentials.
secretlint is similar to git-secrets, but it is more flexible and supports more credential types.
secretlint v3.0 supports the new GitHub token format.
Recently, GitHub introduced a new authentication token format.
- Behind GitHub's new authentication token formats | The GitHub Blog
- Authentication token format updates are generally available | GitHub Changelog
The character set changed from [a-f0-9] to [A-Za-z0-9_]
The format now includes a prefix for each token type:
- ghp_ for Personal Access Tokens
- gho_ for OAuth Access tokens
- ghu_ for GitHub App user-to-server tokens
- ghs_ for GitHub App server-to-server tokens
- ghr_ for GitHub App refresh tokens
secretlint supports them!
azu @azu_re 03:16 AM - 29 May 2021
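As an added example (not secretlint's own rule code and not from the original post), the prefixes and character set listed above can be turned into a small JavaScript scanner that reports token-shaped strings without echoing them. The minimum body length of 36 characters and the names `findGitHubTokens`, `TOKEN_TYPES` and `SAMPLE` are assumptions of this example, and the sample input is constructed.

```javascript
// Added example, not secretlint's implementation.
// Prefixes and character set come from the list in the post.
const TOKEN_TYPES = {
  ghp: "Personal Access Token",
  gho: "OAuth Access token",
  ghu: "GitHub App user-to-server token",
  ghs: "GitHub App server-to-server token",
  ghr: "GitHub App refresh token",
};

// Assumption: at least 36 characters follow the prefix (the post gives no length).
const MIN_BODY_LENGTH = 36;

// The lookbehind keeps a match from starting inside a longer identifier,
// e.g. "my_ghp_..." or "xghp_...".
const TOKEN_PATTERN = new RegExp(
  `(?<![A-Za-z0-9_])(ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{${MIN_BODY_LENGTH},}`,
  "g"
);

function findGitHubTokens(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((lineText, index) => {
    for (const match of lineText.matchAll(TOKEN_PATTERN)) {
      const prefix = match[1];
      findings.push({
        type: TOKEN_TYPES[prefix],
        line: index + 1,
        column: match.index + 1,
        // Keep only the prefix so the report itself does not leak the secret.
        redacted: `${prefix}_${"*".repeat(match[0].length - prefix.length - 1)}`,
      });
    }
  });
  return findings;
}

// Constructed sample input; the token-shaped values are fabricated for this example.
const SAMPLE = [
  "GITHUB_TOKEN=ghp_" + "A1b2C3d4E5".repeat(3) + "f6G7h8",
  "legacy=" + "0123456789abcdef".repeat(2) + "01234567", // old 40-hex style, no prefix
  "refresh: ghr_" + "Zz9_".repeat(10),
  "note: ghp_short is not long enough",
].join("\n");

console.log(findGitHubTokens(SAMPLE));
```

The old hex-only value on the second sample line is not reported, which is why a prefix-based rule produces far fewer false positives than matching any 40-character hex string.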
Usage
You can use secretlint as a Docker container or as a Node.js CLI.
If you already have Docker installed:
docker run -v `pwd`:`pwd` -w `pwd` --rm -it secretlint/secretlint secretlint "**/*"
If you already have Node.js installed:
npx @secretlint/quick-start "**/*"
secretlint also supports custom rules, like ESLint.
If you want to configure it, please see the secretlint documentation.
You can set up a pre-commit hook per project or a pre-commit hook globally.
This Git pre-commit hook prevents you from committing credentials such as GitHub tokens, SSH keys, and AWS credentials.
If you want to know more about secretlint, please visit secretlint/secretlint.