Detect secrets spilled in your codebase
This section assumes you already used Onboardbase CLI in your project, check the installation
Onboardbase scan helps teams detect secrets(environment variables) spilled in their codebase with ease.
$ onboardbase scan
Now you should have the list of detected secrets spilled in your codebase. Please remove them and proceed to continue managing your secrets with Onboardbase
Adding secrets to scan
.onboardbase.yaml setup file
setup: project: frontend-marketing environment: development secrets: local: - DATABASE_URL: 2314 scan: for: ["ONBOARDBAE", "GITLAB"]
Adding a pre-commit scan with husky
Onboardbase scan works with husky to make sure you don't commit any secret to your repo.
npm install husky --save-dev
package.json > prepare script and run it once:
npm set-script prepare "husky install" npm run prepare
Add a hook
npx husky add .husky/pre-commit "onboardbase scan" git add .husky/pre-commit
Make a commit
git commit -m "Keep calm and commit" # `onboardbase scan` will run
Awesome, now you can code with no worries.
Updated 4 months ago