Detect secrets spilled in your codebase


This section assumes you already used Onboardbase CLI in your project, check the installation

Onboardbase scan helps teams detect secrets(environment variables) spilled in their codebase with ease.


$ onboardbase scan

Now you should have the list of detected secrets spilled in your codebase. Please remove them and proceed to continue managing your secrets with Onboardbase

Adding secrets to scan

An.onboardbase.yaml setup file

  project: frontend-marketing
  environment: development
    - DATABASE_URL: 2314
    for: ["ONBOARDBAE", "GITLAB"]

Adding a pre-commit scan with husky

Onboardbase scan works with husky to make sure you don't commit any secret to your repo.

npm install husky --save-dev


Edit package.json > prepare script and run it once:

npm set-script prepare "husky install"
npm run prepare

Add a hook

npx husky add .husky/pre-commit "onboardbase scan"
git add .husky/pre-commit

Make a commit

git commit -m "Keep calm and commit"
# `onboardbase scan` will run

Awesome, now you can code with no worries.