Upload files to "/"
This commit is contained in:
88
.gitguardian.yml
Normal file
88
.gitguardian.yml
Normal file
@@ -0,0 +1,88 @@
|
||||
# GitGuardian configuration
|
||||
# See: https://docs.gitguardian.com/ggshield-docs/reference/gitguardian-yaml
|
||||
|
||||
secret:
|
||||
# Paths that contain test fixtures, example files, and dev configs — not real secrets
|
||||
ignored-paths:
|
||||
- "**/tests/**"
|
||||
- "**/test_*"
|
||||
- "**/conftest.py"
|
||||
- "**/*.test.*"
|
||||
- "**/testdata/**"
|
||||
- "deploy/env-example"
|
||||
- "features/**/tests/**"
|
||||
- "tests2/**"
|
||||
- "tests3/**"
|
||||
# Backup env files (deleted from tree, exist only in git history)
|
||||
- ".env.backup"
|
||||
- "deploy/compose/.env.bak"
|
||||
# Notebook test fixtures with test API keys
|
||||
- "packages/vexa-client/tests.ipynb"
|
||||
- "packages/vexa-client/tests/tutorial.ipynb"
|
||||
# Example/template files with placeholder credentials
|
||||
- "**/.pypirc.example"
|
||||
# Dashboard validation scripts with test tokens
|
||||
- "services/dashboard/agent-inspect.js"
|
||||
- "services/dashboard/agent-flow.js"
|
||||
- "services/dashboard/auth-validate*.js"
|
||||
- "services/dashboard/feature-validate.js"
|
||||
|
||||
# Known test/dev patterns that are not real secrets
|
||||
ignored-matches:
|
||||
# Test admin tokens (hardcoded in test fixtures)
|
||||
- name: "test-admin-token"
|
||||
match: "test-admin-token*"
|
||||
- name: "changeme-default"
|
||||
match: "changeme"
|
||||
|
||||
# Test API key prefixes (fake tokens in unit tests)
|
||||
- name: "test-vxa-bot-tokens"
|
||||
match: "vxa_bot_abc*"
|
||||
- name: "test-vxa-bot-testkey"
|
||||
match: "vxa_bot_testkey*"
|
||||
- name: "test-vxa-user-tokens"
|
||||
match: "vxa_user_*"
|
||||
|
||||
# Chrome password-store flag (not a secret)
|
||||
- name: "chrome-password-store"
|
||||
match: "password-store=basic"
|
||||
|
||||
# Helm chart template placeholders
|
||||
- name: "helm-changeme"
|
||||
match: "CHANGE_ME"
|
||||
|
||||
# vexa-internal-secret default (used in dev only)
|
||||
- name: "internal-secret-default"
|
||||
match: "vexa-internal-secret"
|
||||
|
||||
# staging admin token (dev-only, not production)
|
||||
- name: "staging-admin-token"
|
||||
match: "staging-admin-token"
|
||||
|
||||
# test-admin-token-t3 (tests3 test cluster)
|
||||
- name: "test-cluster-token"
|
||||
match: "test-admin-token-t3"
|
||||
|
||||
# Dev-only default database password (postgres:postgres for local dev)
|
||||
- name: "dev-postgres-password"
|
||||
match: "POSTGRES_PASSWORD=postgres"
|
||||
- name: "dev-db-password"
|
||||
match: "DB_PASSWORD=postgres"
|
||||
- name: "dev-db-password-value"
|
||||
match: "password: \"postgres\""
|
||||
- name: "dev-db-url-password"
|
||||
match: "postgres:postgres@"
|
||||
|
||||
# Dev-only MinIO defaults (non-production)
|
||||
- name: "dev-minio-access-key"
|
||||
match: "vexa-access-key"
|
||||
- name: "dev-minio-secret-key"
|
||||
match: "vexa-secret-key"
|
||||
|
||||
# Dev-only JWT secret
|
||||
- name: "dev-jwt-secret"
|
||||
match: "vexa-dev-jwt-secret"
|
||||
|
||||
# PyPI example placeholder
|
||||
- name: "pypi-placeholder"
|
||||
match: "your-pypi-api-token-here"
|
||||
Reference in New Issue
Block a user