Gitleaks
Definition
Gitleaks is an open-source tool that detects hardcoded secrets such as passwords, API keys, and tokens in Git repositories. It scans both the commit history and the current working tree, so a secret that was committed and later deleted is still reported, because it remains recoverable from history. Run as a pre-commit hook or in CI, it stops sensitive values from reaching version control in the first place; a finding in existing history additionally calls for rotating the exposed credential, since removing it from the repository does not revoke it.
Secure Settings Example
# .gitleaks.toml
title = "Gitleaks Configuration"

# Every rule needs a unique id: gitleaks v8 refuses to load a configuration whose
# rules lack one. The generic rule matches the keyword in any case, requires an
# assignment operator, and insists on at least 20 characters of value, which keeps
# short placeholders such as "dummy" or "changeme" from being reported.
[[rules]]
id = "generic-api-key"
description = "Generic API Key"
regex = '''(?i)(api_key|apikey|secret|token|password)[\s]*[:=][\s]*['"]?[a-zA-Z0-9_-]{20,}['"]?'''
tags = ["apikey", "secret", "token", "password"]

[[rules]]
id = "aws-access-key"
description = "AWS Access Key"
regex = '''AKIA[0-9A-Z]{16}'''
tags = ["AWS", "key"]

# Matches a quoted 40-character secret that appears within 20 characters of the
# word "aws". A long variable name such as aws_secret_access_key = "..." already
# exceeds that window, so widen {0,20} if that naming style is used in the code base.
[[rules]]
id = "aws-secret-key"
description = "AWS Secret Key"
regex = '''(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]'''
tags = ["AWS", "secret"]
Insecure Settings Example
# .gitleaks.toml
title = "Gitleaks Configuration"
[[rules]]
id = "weak-api-key"
description = "Weak API Key Detection"
regex = '''apikey[\s]*[:=][\s]*['"]?[a-zA-Z0-9-_]{5,}['"]?'''
tags = ["apikey"]
# This rule is weak in both directions. It is case-sensitive and looks for the single
# literal "apikey", so API_KEY, api_key, token and password assignments are never
# examined (false negatives). Its 5-character minimum is short enough to flag
# placeholders such as apikey = "dummy" (false positives), and the resulting noise
# makes the genuine findings easy to dismiss.
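The following Go program is an added example, not part of this page's original content or of the gitleaks project. It compiles the rule regexes from the two configurations above with Go's regexp package, which is the RE2 engine gitleaks itself uses, and runs them over five constructed sample lines to show exactly which lines the secure rules catch and the weak rule misses or wrongly flags. The AWS values are the publicly documented example credentials from the AWS documentation, not live keys; the Rule, Scan and Diff names are this example's own and are not gitleaks APIs.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Rule holds the two fields of a gitleaks [[rules]] entry that matter for matching.
type Rule struct {
	ID    string
	Regex *regexp.Regexp
}

// SecureRules and WeakRules are the regexes from the two .gitleaks.toml
// examples above. Go's regexp is RE2, the engine gitleaks uses, so the
// (?i) and (?-i) flags behave exactly as they do inside gitleaks.
var SecureRules = []Rule{
	{ID: "generic-api-key", Regex: regexp.MustCompile(`(?i)(api_key|apikey|secret|token|password)[\s]*[:=][\s]*['"]?[a-zA-Z0-9-_]{20,}['"]?`)},
	{ID: "aws-access-key", Regex: regexp.MustCompile(`AKIA[0-9A-Z]{16}`)},
	{ID: "aws-secret-key", Regex: regexp.MustCompile(`(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]`)},
}

var WeakRules = []Rule{
	{ID: "weak-api-key", Regex: regexp.MustCompile(`apikey[\s]*[:=][\s]*['"]?[a-zA-Z0-9-_]{5,}['"]?`)},
}

// SampleLines is constructed input for this example. The two AWS values are
// the example credentials published in the AWS documentation, not real keys.
var SampleLines = []string{
	`API_KEY = "sk_live_0123456789abcdefghijklmnop"`,              // 1: uppercase name, 34-char value
	`aws_access_key_id = AKIAIOSFODNN7EXAMPLE`,                    // 2: AWS access key ID
	`AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"`, // 3: quoted 40-char AWS secret
	`apikey = "dummy"`,                                            // 4: placeholder, not a secret
	`color = "blue"`,                                              // 5: ordinary configuration
}

// Scan applies every rule to every line and returns, per 1-based line number,
// the IDs of the rules that fired. Lines with no hit are absent from the map.
func Scan(rules []Rule, lines []string) map[int][]string {
	hits := make(map[int][]string)
	for i, line := range lines {
		for _, r := range rules {
			if r.Regex.MatchString(line) {
				hits[i+1] = append(hits[i+1], r.ID)
			}
		}
	}
	return hits
}

// Diff returns, in ascending order, the line numbers flagged in a but not in b.
func Diff(a, b map[int][]string) []int {
	var only []int
	for n := range a {
		if _, ok := b[n]; !ok {
			only = append(only, n)
		}
	}
	sort.Ints(only)
	return only
}

func main() {
	secure := Scan(SecureRules, SampleLines)
	weak := Scan(WeakRules, SampleLines)
	for i, line := range SampleLines {
		fmt.Printf("%d: %-62s secure=%v weak=%v\n", i+1, line, secure[i+1], weak[i+1])
	}
	// Lines 1-3 carry real secrets that only the secure rules see; line 4 is a
	// placeholder that only the weak rule flags.
	fmt.Println("missed by the weak config (false negatives):", Diff(secure, weak))
	fmt.Println("flagged only by the weak config (false positives):", Diff(weak, secure))
}
```

Running the program with `go run` prints the per-line hits and the two Diff lists. A real `gitleaks detect --config .gitleaks.toml` run also walks commit history and applies allowlists and entropy settings, none of which this line-by-line scanner models; its purpose is only to make the difference between the two rule sets visible on concrete input.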