This change introduces a new hook that runs before a file is written or edited. The hook executes a script that scans the file content for patterns that match common secret formats, such as API keys, AWS keys, and private keys. If a potential secret is found, the script exits with a non-zero status code, which blocks the file operation and prevents the secret from being committed. The script also provides a user-friendly error message with the filename, line number, and a suggestion to use environment variables. This helps to prevent accidental commits of sensitive credentials to the repository. |
||
|---|---|---|
| .. | ||
| ci | ||
| code | ||
| collect | ||
| qa | ||
| review | ||
| verify | ||