TIL Tell gitleaks to ignore a secret

Imagine you have a file with a line like this:


When you run gitleaks detect (gitleaks is a secret detection CLI), it will kindly let you know about the SSH private key it thinks it detected for you!

OK, so, imagine that line is just an example because you are writing a blog post about setting up SSH public key authentication.


What should we do?

Add the string gitleaks:allow anywhere on a line that you would like gitleaks to ignore during scans. If you are using something like CSS that does not use # for comments, you would have a line that looks like this:

aws_key=butnotreally lol /* gitleaks:allow */
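
To see what the marker does and does not cover, here is a small Go model of the same-line rule described above. It is an added example, not gitleaks' code and not from the original post. The two regexes, the rule names and the sample lines are constructed for illustration. It also returns the silenced matches, since those are the lines worth reviewing when auditing suppressions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const allowMarker = "gitleaks:allow" // marker string from this page

// Toy rules constructed for this example; they are not gitleaks' own rules.
var toyRules = []struct {
	id string
	re *regexp.Regexp
}{
	{"private-key-header", regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`)},
	{"key-assignment", regexp.MustCompile(`(?i)\b(aws_key|api_key)\s*=\s*\S+`)},
}

type hit struct{ Line int; Rule string }

// scan returns matches that get reported and matches silenced by a same-line marker.
func scan(text string) (reported, suppressed []hit) {
	for i, line := range strings.Split(text, "\n") {
		for _, r := range toyRules {
			if !r.re.MatchString(line) {
				continue
			}
			if strings.Contains(line, allowMarker) {
				suppressed = append(suppressed, hit{i + 1, r.id})
			} else {
				reported = append(reported, hit{i + 1, r.id})
			}
		}
	}
	return reported, suppressed
}

// Constructed sample file; none of these values are real credentials.
const sample = `-----BEGIN OPENSSH PRIVATE KEY----- # gitleaks:allow
aws_key=butnotreally lol /* gitleaks:allow */
api_key=stillnotreal
# gitleaks:allow
aws_key=markeronpreviousline`

func main() {
	reported, suppressed := scan(sample)
	fmt.Println("reported:", reported, "suppressed (review these):", suppressed)
}
```

In this model a marker on its own line (sample line 4) does not cover the line after it, and the comment style around the marker makes no difference.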

A quick rabbit hole

Wikipedia has an interesting table about comments on its Comparison of programming languages (syntax) page.

At the Source

The additional configuration docs for gitleaks contain a section on using gitleaks:allow.

See line 38 of detect/detect.go in the gitleaks source to read more about how this works.

ℹ️ About this TIL snippet: Created 2023-01-02T12:12:30-05:00