Skip to content

DEV Community

azu

Posted on Jul 12, 2021 • Edited on Jul 21, 2021

secretlint can mask the secrets

#security #credentials #tool #ci

secretlint is a pluggable linting tool to prevent committing credential.

secretlint 3.3.0 support --maskSecrets option that mask the actual secret of outputs.

Release v3.3.0 · secretlint/secretlint

For example, secretlint found AWS Secret Access key and report it. With --maskSecrets, secretlint mask the secrets in outputs.

$ secretlint --maskSecrets .credential

/Users/user/.credential
  1:0  error  [AWSSecretAccessKey] found AWS Secret Access Key: ****************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-aws

✖ 1 problem (1 error, 0 warnings)

It will help you to integrate secretlint with CI like GitLab.

https://docs.gitlab.com/ee/user/application_security/secret_detection/

For more details, see original issue.

Option or formatter to not echo the actual secret to stdout · Issue #176 · secretlint/secretlint

Top comments (0)

Subscribe

Read next

5 AI-Powered Content Detectors to Help Identify AI-Generated Text

Joy Winter - Oct 10

Tether & USDC: The Backbone of 2024's Stablecoin Surge Amid Security Concerns

soma - Sep 10

Reverse engineering TP-Link Tapo's REST API - part 1

ad1s0n - Oct 9

Dockerfile Best Practices: Writing Efficient and Secure Docker Images

Uendi Hoxha - Oct 7