Welcome
minnie-kenny.sh is a POSIX shell script that ensures git secrets is correctly installed and consistently configured.
git secrets "prevents you from committing passwords and other sensitive information to a git repository." Even after the executable is installed, it must then be configured correctly on every git repository. Otherwise no secrets are prevented from being committed. Additionally, by default the secrets configuration is not shared in the git repository and is instead configured per user device.
What minnie-kenny.sh does:
- Enables prohibited and allowed git secrets patterns to be version controlled in git
- Anyone running your tests who has git installed will also test that git secrets is installed
- Once minnie-kenny.sh completes the git secrets configuration once, all future git commits are protected
What minnie-kenny.sh does not do:
- Does not require those who download a zip/tar of your code to install git secrets
- Does not install the git secrets executable; it must be installed once per system, like git
- Does not require bash by itself, though the git secrets command does
The script is inspired by, based upon, and developed using a number of individuals, open source projects, and hosting providers.
Contributions to minnie-kenny.sh are welcome and appreciated!
Quick start
- Create minnie-kenny.gitconfig in the root of your git repository
- Download and add minnie-kenny.sh to your git repository
- Run minnie-kenny.sh during your build's test process
Example minnie-kenny.gitconfig:
# NOTE: The stanza [secrets] must be included to be a valid git-config file
[secrets]
providers = git secrets --aws-provider
patterns = (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
patterns = (\"|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?(\"|')?\\s*(:|=>|=)\\s*(\"|')?[0-9]{4}\\-?[0-9]{4}\\-?[0-9]{4}(\"|')?
allowed = AKIAIOSFODNN7EXAMPLE
allowed = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# NOTE: The above example is the equivalent of `git secrets --register-aws`. Customize for your own git repo.
Additional secret configuration may be appended to the file. See the full Install instructions for more information.
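To see what a minnie-kenny.gitconfig will flag before relying on it, the patterns can be read back with git config and tried against sample lines. This is an added example, not part of minnie-kenny.sh or git secrets; the function names, the sample lines and the matching rule (report a line that matches a prohibited pattern and no allowed pattern) are assumptions for illustration, and it needs git plus a grep -E that understands \s.

```shell
#!/bin/sh
# Added example, not part of minnie-kenny.sh: dry-run a minnie-kenny.gitconfig.

# Constructed sample: two patterns and both allowed entries from the example above.
write_sample_config() {
    cat > "$1" <<'EOF'
[secrets]
    patterns = (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
    patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
    allowed = AKIAIOSFODNN7EXAMPLE
    allowed = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
EOF
}

# Print every secrets.<key> value, one per line. git config undoes the file's
# escaping, so \\s in the file comes back as the regex \s and \" as ".
secrets_values() {
    git config --file "$1" --get-all "secrets.$2"
}

# matches_any CONFIG KEY LINE: succeed if LINE matches any regex stored under KEY.
matches_any() {
    secrets_values "$1" "$2" | (
        while IFS= read -r re; do
            [ -n "$re" ] && printf '%s\n' "$3" | grep -Eq -e "$re" 2>/dev/null && exit 0
        done
        exit 1
    )
}

# classify CONFIG LINE: print clean, allowed or prohibited. Assumed rule: a line
# is reported only if it matches a prohibited pattern and no allowed pattern.
classify() {
    if ! matches_any "$1" patterns "$2"; then echo clean
    elif matches_any "$1" allowed "$2"; then echo allowed
    else echo prohibited
    fi
}

cfg=${TMPDIR:-/tmp}/minnie-kenny-sample.$$
write_sample_config "$cfg"
classify "$cfg" 'id = AKIAABCDEFGHIJKLMNOP'   # constructed access key ID
classify "$cfg" 'id = AKIAIOSFODNN7EXAMPLE'   # allow-listed documentation key
rm -f "$cfg"
```

Point the functions at your repository's own minnie-kenny.gitconfig to check a newly added pattern or allowed entry before committing it.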