chore: add secrets scanning

Author: dragos-cojocari

.circleci/config.yml

@@ -10,6 +10,7 @@ only_maintainers: &only_maintainers
       # Forked pull requests have CIRCLE_BRANCH set to pull/XXX
       ignore: /pull\/[0-9]+/
 orbs:
+  prodsec: snyk/[email protected]
   go: circleci/[email protected]
   snyk: snyk/[email protected]
   gh: circleci/[email protected]
@@ -270,6 +271,11 @@ workflows:
             - snyk-bot-slack
   pullrequest:
     jobs:
+      - prodsec/secrets-scan:
+          name: Scan repository for secrets
+          context:
+            - snyk-bot-slack
+          channel: group-infrastructure-as-code-alerts
       - lint:
           <<: *only_branches
       - test:

.gitleaksignore

@@ -0,0 +1,47 @@
+52853a39d07a208e3405fdafc5fd112f92822694:pkg/test/google/3.78.0/google_compute_ssl_certificate/expected.json:private-key:13
+52853a39d07a208e3405fdafc5fd112f92822694:pkg/test/google/3.78.0/google_compute_ssl_certificate/input.json:private-key:13
+6fb907ef58f45775e2eb8568a0a9b127feab3e5c:pkg/resource/google/testdata/acc/google_compute_ssl_certificate/host.key:private-key:1
+c13321dfcf21fc6452dfb6b49107ce13946ba62c:pkg/iac/terraform/state/test/google_compute_ssl_certificate/results.golden.json:private-key:13
+c13321dfcf21fc6452dfb6b49107ce13946ba62c:pkg/iac/terraform/state/test/google_compute_ssl_certificate/terraform.tfstate:private-key:24
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_group/expected.json:aws-access-token:10
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_group/input.json:aws-access-token:10
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/expected.json:aws-access-token:3
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/expected.json:aws-access-token:6
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/expected.json:aws-access-token:12
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/expected.json:aws-access-token:15
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/expected.json:aws-access-token:21
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/expected.json:aws-access-token:24
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/expected.json:aws-access-token:30
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/expected.json:aws-access-token:33
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_role/input.json:aws-access-token:20
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_role/input.json:aws-access-token:41
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_role/input.json:aws-access-token:62
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/input.json:aws-access-token:3
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/input.json:aws-access-token:7
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/input.json:aws-access-token:17
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/input.json:aws-access-token:21
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/input.json:aws-access-token:31
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/input.json:aws-access-token:35
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/input.json:aws-access-token:45
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_access_key/input.json:aws-access-token:49
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_role/expected.json:aws-access-token:17
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_role/expected.json:aws-access-token:35
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_role/expected.json:aws-access-token:53
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_user/expected.json:aws-access-token:13
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_user/expected.json:aws-access-token:27
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_user/expected.json:aws-access-token:41
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_user/input.json:aws-access-token:15
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_user/input.json:aws-access-token:31
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_iam_user/input.json:aws-access-token:47
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_alias/expected.json:generic-api-key:9
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_alias/expected.json:generic-api-key:19
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_alias/input.json:generic-api-key:11
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_alias/input.json:generic-api-key:23
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_alias/input.json:generic-api-key:35
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_alias/expected.json:generic-api-key:29
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_key/expected.json:generic-api-key:12
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_key/expected.json:generic-api-key:27
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_key/expected.json:generic-api-key:45
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_key/input.json:generic-api-key:13
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_key/input.json:generic-api-key:30
+e7750bc00cc11555a248a5a4a782ea5bb4b55d06:pkg/test/aws/3.19.0/aws_kms_key/input.json:generic-api-key:49

.pre-commit-config.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.16.2
+    hooks:
+      - id: gitleaks