detect-secrets VS pre-commit-terraform

(sh)It happens. Make sure they understand that you have learned from your mistake and plan to make a meaningful effort to prevent this from happening again. Be super proactive, propose a new way to mitigate future leaks of sensitive info: https://github.com/lirantal/detect-secrets

Personally I use pre-commit with some of these hooks in addition to some default hooks. It's basically a localised CI pipeline, and also means every commit has passed checks so keeps your commit history neat. Way faster to develop infrastructure code and fix issues than having to keep pushing to the remote repo and waiting for an Action to run.

https://github.com/antonbabenko/pre-commit-terraform because Terraform/Terragrunt configs should be documented, tidy and valid all the time :)

Local testing with pre-commit-terraform. Formats code with terraform fmt Validates code with terraform validate Automatic README updates with terraform-docs. Static code analysis with TFLint, tfsec and checkov.

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ca47c31..3e5cfef 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -22,7 +22,10 @@ repos: rev: v2.7.1 hooks: - id: prettier - types_or: [yaml, markdown, json] + types_or: [yaml, markdown, json, html] + additional_dependencies: + - "[email protected]" + - "[email protected]" - repo: https://github.com/antonbabenko/pre-commit-terraform rev: v1.74.1 hooks:

pre-commit-terraform – Pre-commit git hooks for automation

Let me share a shameless plug (as an author of the pre-commit-terraform). I will show these hooks in action and answer questions during my live stream on Friday 29th of October - https://www.youtube.com/watch?v=ziJK79tI6tY

We the following of this set of hooks for our Terraform modules:

Take a look on pre-commit scripts for terraform: https://github.com/antonbabenko/pre-commit-terraform. Of course, you can run it before git operations, for example: