Detect secrets spilled in your codebase


This section assumes you already used Onboardbase CLI in your project, check the installation

Onboardbase aims to remove the need for env files, hardcoded secrets, and copy-pasted credentials to make your life as a developer much easier. With Onboardbase scan, we can scan your code base for secrets that are 'spilling' over i.e that are not managed by Onboardbase.


$ onboardbase scan

Now you should have the list of detected secrets spilled in your codebase. Please remove them and proceed to continue managing your secrets with Onboardbase

Adding secrets to scan

An.onboardbase.yaml setup file

  project: frontend-marketing
  environment: development
    - DATABASE_URL: 2314

Adding a pre-commit scan with husky

Onboardbase scan works with husky to ensure you don't commit any secret to your repo.

npm install husky --save-dev


Edit package.json > prepare script and run it once:

npm set-script prepare "husky install"
npm run prepare

Add a hook

npx husky add .husky/pre-commit "onboardbase scan"
git add .husky/pre-commit

Make a commit

git commit -m "Keep calm and commit"
# `onboardbase scan` will run

Awesome, now you can code with no worries.