Project description
Gitleaks configuration utilities
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets such as passwords, API keys, and tokens in git repositories.
gitleaks-py provides a Python library and CLI to manage Gitleaks rule configurations:
- Compare configurations using sort and diff
- Verify rules against fixture files containing secrets
- Merge rules from multiple files into a single file
Sort
Sort a Gitleaks config file by case-insensitive rule ID.
python -m gitleaks_py.cli sort [OPTIONS] CONFIG_FILE
- CONFIG_FILE: File or URL to sort
- -d, --dst: Output destination file. Writes to stdout if omitted
Diff
Diff two config files.
python -m gitleaks_py.cli diff [OPTIONS] CONFIG_FILE [DEFAULT_CONFIG_FILE]
- CONFIG_FILE: File or URL to diff
- DEFAULT_CONFIG_FILE: File or URL to diff against. Defaults to the Gitleaks default config file
- -d, --dst: Output destination file. Writes to stdout if omitted
- -o, --omissions: Display omissions (rules in the default config that are not found in CONFIG_FILE)
- -a, --additions: Display additions (rules in CONFIG_FILE that are not found in the default config)
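The following is an added example, not gitleaks-py's own code, of what the sort and diff commands compute over a Gitleaks config: rules are the [[rules]] tables of a TOML file, sort orders them by case-insensitive id, and diff reports ids missing from one side or the other. It parses TOML with the standard-library tomllib (Python 3.11+, or the tomli backport). The two configs, their rule ids and regexes are constructed for illustration, and the extra "changed" list (rules present in both files whose regex differs) goes beyond the CLI's two flags.

```python
try:
    import tomllib  # standard library from Python 3.11
except ImportError:
    import tomli as tomllib  # drop-in backport for older interpreters

# Two constructed gitleaks-style configs. The rule IDs and regexes are made
# up for this example; DEFAULT_CONFIG stands in for the Gitleaks default
# config that `diff` compares against when no second file is given.
DEFAULT_CONFIG = """
title = "example default config"

[[rules]]
id = "uk-gov-notify"
description = "UK Gov Notify API key"
regex = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'

[[rules]]
id = "Slack-webhook"
description = "Slack incoming webhook"
regex = 'hooks.slack.com/services/T[0-9A-Z]{8}/B[0-9A-Z]{8}/[0-9A-Za-z]{24}'

[[rules]]
id = "aws-access-token"
description = "AWS access key ID"
regex = 'AKIA[0-9A-Z]{16}'

[[rules]]
id = "generic-api-key"
description = "Generic API key"
regex = '(?i)api[_-]?key[^ ]{0,40}'
"""

MY_CONFIG = """
title = "example local config"

[[rules]]
id = "generic-api-key"
description = "Generic API key (widened)"
regex = '(?i)api[_-]?key[^ ]{0,80}'

[[rules]]
id = "internal-service-token"
description = "Internal service token"
regex = 'svc_[0-9a-f]{32}'

[[rules]]
id = "aws-access-token"
description = "AWS access key ID"
regex = 'AKIA[0-9A-Z]{16}'

[[rules]]
id = "Slack-webhook"
description = "Slack incoming webhook"
regex = 'hooks.slack.com/services/T[0-9A-Z]{8}/B[0-9A-Z]{8}/[0-9A-Za-z]{24}'
"""


def load_rules(toml_text):
    """Parse a gitleaks config and key its [[rules]] tables by id.

    A duplicate id would collide in this dict (and in any id-keyed consumer),
    so it is reported rather than letting the later table silently win.
    """
    rules = {}
    for rule in tomllib.loads(toml_text).get("rules", []):
        if rule["id"] in rules:
            raise ValueError(f"duplicate rule id: {rule['id']}")
        rules[rule["id"]] = rule
    return rules


def sort_rule_ids(toml_text):
    """Rule ids in the order sort would emit them: case-insensitive."""
    return sorted(load_rules(toml_text), key=str.lower)


def diff_rules(config_text, default_text):
    """Return (omissions, additions, changed) between two configs.

    omissions: ids in the default config but not in config
    additions: ids in config but not in the default config
    changed:   ids in both whose regex differs (not a CLI flag on this page,
               added because it is what a reviewer most wants to see)
    """
    mine = load_rules(config_text)
    base = load_rules(default_text)
    omissions = sorted(set(base) - set(mine), key=str.lower)
    additions = sorted(set(mine) - set(base), key=str.lower)
    changed = sorted(
        (rid for rid in mine.keys() & base.keys()
         if mine[rid].get("regex") != base[rid].get("regex")),
        key=str.lower,
    )
    return omissions, additions, changed


if __name__ == "__main__":
    print("sorted:", sort_rule_ids(DEFAULT_CONFIG))
    om, ad, ch = diff_rules(MY_CONFIG, DEFAULT_CONFIG)
    print("omissions:", om)
    print("additions:", ad)
    print("changed regex:", ch)
```

Sorting with key=str.lower is what puts "Slack-webhook" between "generic-api-key" and "uk-gov-notify"; a plain sort would place it first, because upper-case letters sort before lower-case ones, which is why two otherwise identical configs can diff noisily when one was sorted case-sensitively.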
Verify
Verify a config file against secrets held in sample files.
python -m gitleaks_py.cli verify [OPTIONS] CONFIG_FILE
- CONFIG_FILE: File or URL to verify
- -d, --dst: Output destination file. Writes to stdout if omitted
- -s, --secrets: Folder with secrets to test the rules against. Defaults to ./secrets
Files should be YAML, named after the rule ID, e.g. uk-gov-notify.yml
The YAML should be structured as key-value pairs under two groupings, secrets and allowed. The key is an identifier reported on failure, and the value is the secret (which the rule must detect) or the allowed value (which the rule must not flag) to be tested. e.g.
secrets:
  api-key: "gitleakstest-af3bb117-d149-4b23-ab1d-8d19ab184094-68a09f80-1f89-4d98-bd9e-ec431e970940"
  api-key-upper: "GITLEAKSTEST-AF3BB117-D149-4B23-AB1D-8D19AB184094-68A09F80-1F89-4D98-BD9E-EC431E970940"
  api-key-no-delim: "gitleakstest-af3bb117d1494b23ab1d8d19ab18409468a09f801f894d98bd9eec431e970940"
allowed:
  test-api-key: "gitleakstest-aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa-aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
When allowing patterns for test data, choose something that is obviously not a real secret, such as all letter 'a'. An allowlist entry disables detection for anything it matches, so the chance of a real secret taking that shape in production should be low.
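The following is an added example, not gitleaks-py's or Gitleaks' code, of the check verify performs with such a fixture: every value under secrets must be detected by the rule and every value under allowed must not. The fixture above is embedded inline and read by a small parser that handles only this two-level layout (so PyYAML is not needed). The rule is a hypothetical stand-in for uk-gov-notify whose regex, keywords and allowlist are assumptions, not the real Gitleaks rule; a second copy without the case-insensitive flag shows the kind of regex mistake the upper-case fixture entry exists to catch.

```python
import re

# Constructed fixture in the layout described above: two groups, each a set
# of key: "value" pairs. Embedded here so the example runs offline.
FIXTURE_YAML = """\
secrets:
  api-key: "gitleakstest-af3bb117-d149-4b23-ab1d-8d19ab184094-68a09f80-1f89-4d98-bd9e-ec431e970940"
  api-key-upper: "GITLEAKSTEST-AF3BB117-D149-4B23-AB1D-8D19AB184094-68A09F80-1F89-4D98-BD9E-EC431E970940"
  api-key-no-delim: "gitleakstest-af3bb117d1494b23ab1d8d19ab18409468a09f801f894d98bd9eec431e970940"
allowed:
  test-api-key: "gitleakstest-aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa-aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
"""

# Hypothetical rule standing in for uk-gov-notify, shaped like a parsed
# gitleaks [[rules]] table: regex, keyword pre-filter, and an allowlist.
# The real Gitleaks rule's regex is not reproduced here.
_UUID = r"[a-f0-9]{8}-?[a-f0-9]{4}-?[a-f0-9]{4}-?[a-f0-9]{4}-?[a-f0-9]{12}"
RULE = {
    "id": "uk-gov-notify",
    "regex": re.compile(rf"(?i)gitleakstest-{_UUID}-?{_UUID}"),
    "keywords": ["gitleakstest"],
    # The all-'a' fixture value is valid hex, so it matches the regex;
    # the allowlist is what keeps it from being reported.
    "allowlist_regexes": [re.compile(r"(?i)gitleakstest-[a-]+$")],
}

# Same rule without the (?i) flag: the upper-case secret stops being
# detected, which is exactly what the api-key-upper fixture entry catches.
WEAK_RULE = dict(RULE, regex=re.compile(rf"gitleakstest-{_UUID}-?{_UUID}"))


def parse_fixture(text):
    """Parse the two-level key/value layout used by the fixture files.

    Not a general YAML parser: it handles exactly the shape shown above,
    which is all the verification needs.
    """
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # top-level group: "secrets:" / "allowed:"
            current = line.strip().rstrip(":")
            groups[current] = {}
            continue
        if current is None:
            raise ValueError(f"entry outside a group: {line!r}")
        key, sep, value = line.strip().partition(":")
        if not sep:
            raise ValueError(f"malformed entry: {line!r}")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]            # strip matching quotes
        groups[current][key.strip()] = value
    return groups


def detects(rule, text):
    """Approximate gitleaks' per-rule decision: keywords, then regex, then allowlist."""
    if rule["keywords"] and not any(k in text.lower() for k in rule["keywords"]):
        return False
    if not rule["regex"].search(text):
        return False
    return not any(a.search(text) for a in rule["allowlist_regexes"])


def verify(rule, fixture):
    """Return failure messages: secrets must be detected, allowed values must not."""
    failures = []
    for key, value in fixture.get("secrets", {}).items():
        if not detects(rule, value):
            failures.append(f"{rule['id']}: secret '{key}' was not detected")
    for key, value in fixture.get("allowed", {}).items():
        if detects(rule, value):
            failures.append(f"{rule['id']}: allowed value '{key}' was detected")
    return failures


if __name__ == "__main__":
    fixture = parse_fixture(FIXTURE_YAML)
    for r in (RULE, WEAK_RULE):
        print(r["id"], verify(r, fixture) or "OK")
```

The allowed group is the more dangerous half to get wrong: a failure there means a value that should have been reported is being suppressed, so an over-broad allowlist regex (one that also matches real hex) would show up as "allowed value ... was detected" only if the fixture includes a realistic secret alongside the all-'a' placeholder.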
Merge
Merge multiple config files into one.
python -m gitleaks_py.cli merge [OPTIONS] [CONFIG_FILES]...
- CONFIG_FILES: A space-separated list of files to merge. Glob patterns may be used, e.g. toml/*.toml
- -t, --title: Output config title. Joins the titles from the input files if omitted
- -d, --dst: Output destination file. Writes to stdout if omitted
Download files
File details
Details for the file gitleaks_py-0.3.1.tar.gz.
File metadata
- Download URL: gitleaks_py-0.3.1.tar.gz
- Upload date:
- Size: 7.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.10.8 Darwin/21.6.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | 5aa3de9d64a73096ff57531be12271761d64db16774018f77e7ece0b418b716a
MD5 | 91b7634d44ccefe20700fd498e12139f
BLAKE2b-256 | 4e5a054475a12118b38740e70ada5ed70979ff0ccff70044b550911899bd2326
File details
Details for the file gitleaks_py-0.3.1-py3-none-any.whl.
File metadata
- Download URL: gitleaks_py-0.3.1-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.10.8 Darwin/21.6.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | ac36123b5f52ddba8daa3bae44abdc33e3bb5aa2749b24b29493a1d0dd19cfa9
MD5 | 02b64613d4c6b5b74bef2949f97072ab
BLAKE2b-256 | fc1dd50674ae81f2c7042782a197d2222399f90a2aeff247d6e4088d07cf505b