secretlint is a pluggable linting tool to prevent committing credential.
secretlint is similar tools to git-secrets, but it is more flexible and support more credentials.
secretlint v3.0 support new GitHub Token format.
Recently, GitHub introduce new authentication token format.
- Behind GitHub's new authentication token formats | The GitHub Blog
- Authentication token format updates are generally available | GitHub Changelog
The character set changed from [a-f0-9] to [A-Za-z0-9_]
The format now includes a prefix for each token type:
ghp_ for Personal Access Tokens
gho_ for OAuth Access tokens
ghu_ for GitHub App user-to-server tokens
ghs_ for GitHub App server-to-server tokens
ghr_ for GitHub App refresh tokens
secretlint support them!
azu@azu_resecretlint 3.0.0 released🎉
You can prevent to commit GitHub Tokens!
github.com/secretlint/sec…03:16 AM - 29 May 2021
You can use secretlint as Docker Container or Node.js CLI.
If you already have installed Docker:
docker run -v `pwd`:`pwd` -w `pwd` --rm -it secretlint/secretlint secretlint "**/*"
If you already have installed Node.js:
npx @secretlint/quick-start "**/*"
If you want to know about secretlint, please visit secretlint/secretlint.