From d4125f7097bb83a86ccfc6a5b7a5836f36ffaf4a Mon Sep 17 00:00:00 2001
From: Tucker Troyer
Date: Thu, 25 Feb 2021 16:03:32 -0600
Subject: [PATCH] Add secrets detection capability with pre-commit hook configuration" (#241)
Signed-off-by: Tucker Troyer
---
 .pre-commit-config.yaml | 17 +++++++++++
 .secrets.baseline | 64 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 .pre-commit-config.yaml
 create mode 100644 .secrets.baseline
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 00000000..118eb7c0
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,17 @@
+# This is an example configuration to enable whitewater-detect-secrets in the pre-commit hook.
+# Add this file to the root folder of your repository.
+#
+# Read pre-commit hook framework https://pre-commit.com/ for more details about the structure of config yaml file and how git pre-commit would invoke each hook.
+#
+# This line indicates we will use the hook from Whitewater/whitewater-detect-secrets to run scan during commiting phase.
+- repo: git@github.ibm.com:Whitewater/whitewater-detect-secrets
+ # If you desire to use a specific version of whitewater-detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
+ rev: 0.13.1+ibm.29.dss
+ hooks:
+ - id: detect-secrets # pragma: whitelist secret
+ # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
+ # You may also run `pre-commit run detect-secrets` to preview the scan result.
+ #
+ # The `--no-keyword-scan` field can be removed if you are using 0.10.3-ibm.1. It was added prior to 0.10.3-ibm.1 to reduce false positives generated from old keyword scanner.
+ # After 0.10.3-ibm.1, keyword scanner is disabled by default.
+ args: [--baseline, .secrets.baseline, --no-keyword-scan, --no-base64-string-scan ]
\ No newline at end of file
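Review bot: `rev: 0.13.1+ibm.29.dss` pins the secrets hook to a tag, which is a mutable ref, so whoever can move that tag controls the code that runs on every contributor's commit; pre-commit's `rev` should be the full commit SHA the tag currently resolves to (after which `pre-commit autoupdate` manages bumps), and the comment above it still says to replace `master`, which no longer matches the value. The `--no-base64-string-scan` argument on the last line turns off base64 high-entropy detection as far as the flag name indicates, and the committed `.secrets.baseline` in the next hunk lists `HexHighEntropyString` but no base64 plugin, so base64-shaped tokens would pass the hook unnoticed; either drop the flag or record the rationale next to it, e.g. `# --no-base64-string-scan disables Base64HighEntropyString; accepted because <reason>`. The `git@github.ibm.com:` SSH URL also means only people with SSH access to that GitHub Enterprise instance can install the hook, so if this repository is meant to take outside contributions `pre-commit install`/`pre-commit run` will fail for them; an HTTPS URL or a publicly reachable mirror of the hook repo would be needed. The file is also committed without a trailing newline.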
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 00000000..579f949c
--- /dev/null
+++ b/.secrets.baseline
@@ -0,0 +1,64 @@
+{
+ "exclude": {
+ "files": null,
+ "lines": null
+ },
+ "generated_at": "2021-02-23T04:18:46Z",
+ "plugins_used": [
+ {
+ "name": "AWSKeyDetector"
+ },
+ {
+ "name": "ArtifactoryDetector"
+ },
+ {
+ "name": "BasicAuthDetector"
+ },
+ {
+ "name": "BoxDetector"
+ },
+ {
+ "name": "CloudantDetector"
+ },
+ {
+ "name": "GheDetector"
+ },
+ {
+ "hex_limit": 3,
+ "name": "HexHighEntropyString"
+ },
+ {
+ "name": "IbmCloudIamDetector"
+ },
+ {
+ "name": "IbmCosHmacDetector"
+ },
+ {
+ "name": "JwtTokenDetector"
+ },
+ {
+ "name": "MailchimpDetector"
+ },
+ {
+ "name": "PrivateKeyDetector"
+ },
+ {
+ "name": "SlackDetector"
+ },
+ {
+ "name": "SoftlayerDetector"
+ },
+ {
+ "name": "StripeDetector"
+ },
+ {
+ "name": "TwilioKeyDetector"
+ }
+ ],
+ "results": {},
+ "version": "0.13.1+ibm.29.dss",
+ "word_list": {
+ "file": null,
+ "hash": null
+ }
+}