Created
December 5, 2017 06:40
pre-commit for preventing unencrypted secrets from getting committed
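#!/bin/bash
#
# Pre-commit hook: refuse a commit that stages deploy/secrets.yml while the
# staged content still looks like plaintext YAML.
#
# To use this script copy it to .git/hooks/pre-commit and make it executable.
#
# Detection is a heuristic: if `yamllint -s` accepts the staged content, the
# file is assumed to be unencrypted and the commit is rejected.
#
# NOTE(review): `yamllint -s` also exits non-zero on warnings, so a plaintext
# file that merely triggers a lint warning is let through as if it were
# encrypted. Checking the staged content for the encryption tool's own header
# would be more reliable -- confirm which tool this repository uses.
#
# NOTE(review): a client-side hook is skipped by `git commit --no-verify` and
# is not installed by a clone, so treat it as a convenience and keep a
# server-side or CI check as the real control.

secrets_file=deploy/secrets.yml

# Work out what to diff against, really HEAD will work for any established repository.
if git rev-parse --verify HEAD >/dev/null 2>&1; then
  against=HEAD
else
  # Initial commit: diff against an empty tree object
  against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
fi

# Only content that is about to be committed matters. If the secrets file is
# not added/copied/modified/renamed in the index, there is nothing to check.
staged=$(git diff --cached --name-only --diff-filter=ACMR "$against" -- "$secrets_file") || {
  echo "pre-commit: could not inspect the staged changes." >&2
  exit 1
}
if [ -z "$staged" ]; then
  exit 0
fi

# Fail closed: without yamllint the check below would exit non-zero and the
# commit would be waved through unchecked.
if ! command -v yamllint >/dev/null 2>&1; then
  echo "pre-commit: yamllint is not installed; cannot check $secrets_file." >&2
  exit 1
fi

# Make sure the staged blob is readable before piping it, so a git failure is
# not mistaken for "lint failed, therefore encrypted".
if ! git cat-file -e ":$secrets_file" 2>/dev/null; then
  echo "pre-commit: cannot read the staged copy of $secrets_file." >&2
  exit 1
fi

# Lint the staged blob, not the working-tree file: the two can differ, and
# the index is what ends up in the commit. Reading from stdin ("-") needs a
# yamllint release that supports it.
if git show ":$secrets_file" | yamllint -s - >/dev/null; then
  echo "Your secrets file is not encrypted. Consider encrypting it before committing." >&2
  exit 1
fi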