TIL Tell gitleaks to ignore a secret
Imagine you have a file with a line like this:
-----BEGIN OPENSSH PRIVATE KEY-----
When you run gitleaks detect, a secret detection CLI, it will kindly let you know about the SSH private key it thinks it detected for you!
OK, so, imagine that line is just an example because you are writing a blog post about setting up SSH public key authentication.
What should we do?
Add the string gitleaks:allow anywhere on a line that you would like gitleaks to ignore during scans. If you are using something like CSS that does not use # for comments, you would have a line that looks like this:
aws_key=butnotreally lol /* gitleaks:allow */
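A simplified model of the per-line behaviour described above, added here as an illustration and not taken from this post or from the gitleaks code base. The two rules and the sample text are constructed for the example, and suppressed matches are reported separately so every gitleaks:allow can be reviewed.

```python
import re

ALLOW_MARKER = "gitleaks:allow"  # the string the post says to add

# Constructed stand-in rules for this example; these are not gitleaks's own rules.
RULES = {
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws-key-assignment": re.compile(r"aws_key\s*=\s*\S+"),
}

# Constructed sample file contents.
SAMPLE = """\
# docs: an example key header follows
-----BEGIN OPENSSH PRIVATE KEY-----  # gitleaks:allow
-----BEGIN OPENSSH PRIVATE KEY-----
aws_key=butnotreally lol /* gitleaks:allow */
// gitleaks:allow
aws_key=butnotreally
"""


def scan(text):
    """Return (findings, suppressed) as lists of (line_number, rule_id)."""
    findings, suppressed = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule_id, pattern in RULES.items():
            if not pattern.search(line):
                continue
            # In this model the marker counts anywhere on the matching line,
            # whatever the comment syntax; a marker on a neighbouring line
            # (line 5 of the sample) does not cover the line after it.
            if ALLOW_MARKER in line:
                suppressed.append((number, rule_id))
            else:
                findings.append((number, rule_id))
    return findings, suppressed


if __name__ == "__main__":
    findings, suppressed = scan(SAMPLE)
    for number, rule_id in findings:
        print(f"FINDING    line {number}: {rule_id}")
    # Listing suppressed matches lets a reviewer confirm each allow is an example.
    for number, rule_id in suppressed:
        print(f"SUPPRESSED line {number}: {rule_id}")
```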
A quick rabbit hole
At the Source
See line 38 of detect/detect.go in the gitleaks source to read more about how this works.
ℹ️ About this TIL snippet: Created 2023-01-02T12:12:30-05:00