dotfiles VS detect-secrets

I've been looking for a cross-platform dotfile management tool and I had some hope for this but it seems a little too complex, and I don't like that I would end up with lots of yaml/toml/json files. I use Mac, Windows, and Linux and I want to have a single configuration for all. I've been using https://github.com/rhysd/dotfiles and it is the only thing that really works well for me.

I've used my custom bash script for managing dotfiles for ages and also have tried all other tools, but just couldn't get it right because I work on multiple OS. Then I found https://github.com/rhysd/dotfiles. It is the only tool I know of that can support multiple OS (Linux, mac, windows). I have to work with multiple OS and having a single dotfiles repo has been great, especially its ability to set different config on different OS, well as a unified Unix-like config setting.

I searched a bit and found: https://github.com/Yelp/detect-secrets

To add my anecdote, testing out Trufflehog versus Gitleaks and detect-secrets the other tools seemed superior on detection rate and easier to work with.

Respecting your privacy: To protect your sensitive data, um uses the excellent detect-secrets python library to remove passwords and tokens before indexing commands. Also our OpenAI account is opted out of collecting and using data for training the next versions of GPT.

exclude: "^/migrations/" default_stages: [ commit, push ] default_language_version: python: python3 repos: - repo: https://github.com/Yelp/detect-secrets rev: v1.4.0 hooks: - id: detect-secrets name: Detect secrets language: python entry: detect-secrets-hook args: ['--baseline', '.secrets.baseline']

repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v2.3.0 hooks: - id: check-yaml - id: end-of-file-fixer - id: trailing-whitespace - repo: https://github.com/Yelp/detect-secrets rev: v1.4.0 hooks: - id: detect-secrets - repo: https://github.com/igorshubovych/markdownlint-cli rev: v0.33.0 hooks: - id: markdownlint args: ["--disable=MD013"] # this removes line length warnings

Yelp has a "detect-secrets" project that can detect potential secrets and can be used as a pre-commit hook: https://github.com/Yelp/detect-secrets

detect-secret is an enterprise-friendly tool for detecting and preventing secrets in the code base. We can also scan the non-git tracked files. There are other tools as well like Gitleaks which also provide similar functionality.

As presented in the report, a lot of secrets are hardcoded in the Git repository. This can be detected by secret detection tools. There are OSS like https://github.com/Yelp/detect-secrets or SaaS alternatives. The detection process can be executed by every team member locally using Git Hooks and on Github using Github Checks on the Pull Request level.