mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-02-18 00:17:39 +01:00
Add three layers of secret leak prevention:

1. .gitleaks.toml — config extending the default ruleset (~150 rules for AWS, GCP, Stripe, OpenAI, private keys, JWTs, etc.) with allowlists tuned to suppress false positives from test fixtures and docs.
2. .husky/pre-commit — enhanced with gitleaks protect --staged (graceful skip if not installed), sensitive file type blocking (.pem, .key, .enc, id_rsa, etc.), and broadened fallback patterns covering AWS, OpenAI, GCP, and private key headers alongside existing Stripe checks.
3. .github/workflows/build-and-test.yml — new secret-scan CI job using gitleaks-action that runs in parallel with build on every push/PR, serving as the last gate if someone bypasses local hooks.
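The local layer described in point 2, as an added example hook that is not the Pulse repository's own .husky/pre-commit: it runs gitleaks when present, skips gracefully otherwise, refuses the listed sensitive file types, and falls back to a small set of content regexes. The fallback regexes are constructed approximations of the vendor key formats, not the project's patterns.

```shell
#!/bin/sh
# Added example (not Pulse's own .husky/pre-commit). Assumes gitleaks may be
# absent; the fallback regexes are illustrative, constructed approximations.

# Sensitive file types that must never be committed (names from the commit message).
is_sensitive_path() {
  case "$1" in
    *.pem|*.key|*.enc|id_rsa|*/id_rsa) return 0 ;;
    *) return 1 ;;
  esac
}

# Fallback content patterns for when gitleaks is unavailable. Reads stdin;
# exit 0 means a match was printed (AWS, Stripe, OpenAI, GCP, private key headers).
scan_secret_patterns() {
  grep -nE \
    -e 'AKIA[0-9A-Z]{16}' \
    -e 'sk_(live|test)_[0-9a-zA-Z]{24,}' \
    -e 'sk-[A-Za-z0-9]{20,}' \
    -e 'AIza[0-9A-Za-z_-]{35}' \
    -e '-----BEGIN [A-Z ]*PRIVATE KEY-----'
}

# Hook body; only invoked when this file runs as the pre-commit hook (see bottom).
run_hook() {
  if command -v gitleaks >/dev/null 2>&1; then
    gitleaks protect --staged || return 1           # real scanner on staged changes
  else
    echo "pre-commit: gitleaks not installed, using fallback patterns" >&2
  fi
  git diff --cached --name-only --diff-filter=ACM | while IFS= read -r f; do
    if is_sensitive_path "$f"; then
      echo "pre-commit: refusing to commit sensitive file: $f" >&2
      exit 1                                         # leaves the subshell only
    fi
  done || return 1
  # Scan only lines added in this commit so existing history is not re-flagged.
  if git diff --cached -U0 | grep '^+' | grep -v '^+++' | scan_secret_patterns; then
    echo "pre-commit: possible secret in staged changes (see lines above)" >&2
    return 1
  fi
  return 0
}

case "${0##*/}" in pre-commit) run_hook ;; esac
```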