3.3.3 Customizing Gitleaks
Uptil now we've been using the default config that comes along with Gitleaks of all the regexes that help identify secrets. Here is the link of the default config
π« Gitleaks won't catchβ
The command below pushes a custom secret that gitleaks will not catch in the application.properties
file
cd ~/playground/
cp -r ~/s4cpcode/chapter3/3DDD/. ~/playground/
git status
git add .
git commit -m "gitleaks wonβt catch"
git push --set-upstream origin gitleaks
π View PR !β
Let's View the Terraform Github Actions and check if gitleaks is catching this secret.
- As can be seen from the screenshot below gitleaks is still unable to catch the secret in
application.properties
file.
π£ Gitleaks catches !β
We shall now add a custom configuration in gitleaks.toml
and also activate the custom configuration by renaming it to .gitleaks.toml
using the command below.
cd ~/playground/
mv gitleaks.toml .gitleaks.toml
sed -i'.bak' 's/testpassword/testpassword123/g' app/src/main/resources/application.properties
rm app/src/main/resources/application.properties.bak
git status
git add .
git commit -m "gitleaks will catch"
git push --set-upstream origin gitleaks
The configuration that has been added is as shown below
[[rules]]
description = "This Rule will detect Hibernate Passwords stored in properties file"
id = "detect-spring-hibernate-password"
regex = "spring\\.datasource\\.password\\s*=\\s*\"([^\\\"]+)\""
keywords = [
"spring",
"boot",
"hibernate"
]
ποΈ View PRβ
As can be seen now Gitleaks caught our new secret as configured by our custom rule.