This rule keeps secret files out of the repository by flagging them so they can be excluded from the source code.
Secret files, such as private keys, are sometimes committed to Git. Storing secret files inside a repository is bad practice: even if the repository is private, the files are exposed on every machine and server that holds a local clone of it.
- Prevent a security breach by ensuring generated secret keys are excluded from the source code
The rule is triggered when one of the commits in the pull request contains a file that matches a secret file pattern.
- Update the code to pull the secret key from a secret management service, for example Vault
- Remove the secret file and push the new code to the branch (the file stays in the branch's history until that history is rewritten, so treat the key as exposed and rotate it)
  $ git rm <secret-file-path>
  $ git commit -a -m "removed secret file from code"
  $ git push
- Datree's policy check automatically ensures the secret file is removed from the pull request
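As an added illustration of the check described above (example code, not Datree's policy engine), the following Python scans the paths changed between a pull request's base and head commits for secret-file name patterns. The pattern list and the `changed_files` helper are assumptions for this example.

```python
"""Detect secret-file paths among a set of changed files.

Added example, not Datree's code. The glob patterns below are an assumed
illustration of a "secret file pattern" list; the real list is not on this page.
"""
import fnmatch
import os
import subprocess

# Assumed example patterns: private keys, key stores, env files, cloud credentials.
SECRET_FILE_PATTERNS = (
    "*.pem", "*.key", "*.p12", "*.pfx", "*.jks",
    "id_rsa", "id_dsa", "id_ecdsa", "id_ed25519",
    ".env", ".env.*", "*.env",
    ".netrc", "credentials", "service-account*.json",
)


def is_secret_file(path: str, patterns=SECRET_FILE_PATTERNS) -> bool:
    """Match the basename of `path` against the patterns, case-insensitively."""
    name = os.path.basename(path).lower()
    return any(fnmatch.fnmatch(name, p.lower()) for p in patterns)


def find_secret_files(paths, patterns=SECRET_FILE_PATTERNS):
    """Return the subset of `paths` that look like secret files, in input order."""
    return [p for p in paths if is_secret_file(p, patterns)]


def changed_files(base: str, head: str, repo: str = ".") -> list:
    """List files added or modified between two commits (e.g. PR base and head)."""
    out = subprocess.run(
        ["git", "-C", repo, "diff", "--name-only", "--diff-filter=AM", f"{base}..{head}"],
        check=True, capture_output=True, text=True,
    ).stdout
    return [line for line in out.splitlines() if line]


if __name__ == "__main__":
    import sys
    base, head = sys.argv[1:3] if len(sys.argv) >= 3 else ("origin/main", "HEAD")
    hits = find_secret_files(changed_files(base, head))
    for hit in hits:
        print(f"secret file committed: {hit}")
    # Non-zero exit fails the CI job, like the policy check failing the pull request.
    sys.exit(1 if hits else 0)
```

Run it in CI as `python check_secrets.py <base-sha> <head-sha>`; a non-zero exit means the pull request contains at least one file matching a pattern.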