• carrylex@lemmy.worldOP · 3 upvotes · edited · 3 months ago

      Well, from my personal PoV there are a few problems with that:

      1. You can’t detect all credentials reliably; they could be encoded in base64, for example.
      2. I think it’s kind of okay to commit credentials and configuration used for the local dev environment (and ONLY the local one), e.g. when you require some infrastructure like a database inside a container for your app. Not every dev wants to manually set a few dozen configuration entries when they quickly want to check out and run the app.
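On the first point above (a plain pattern scanner is blind to a credential that has been base64-encoded), here is an added Python example that is not from anyone in the thread: a minimal pre-commit-style scanner that first shows the evasion and then closes it by decoding base64-looking tokens and rescanning the decoded text. The rule set, the helper names and the sample lines are constructed for illustration; the key value is the placeholder AWS uses in its own documentation, not a live credential.

```python
import base64
import re

# Constructed sample input. Line 1 carries the AWS documentation placeholder
# key in plaintext, line 2 carries the same value base64-encoded, line 3 is
# ordinary local-dev configuration that must not be flagged.
SAMPLE_LINES = [
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'token = "QUtJQUlPU0ZPRE5ON0VYQU1QTEU="',
    'DB_HOST = "localhost"',
]

# Illustrative rule set: the documented shape of an AWS access key id
# (AKIA followed by 16 upper-case letters or digits). A real scanner
# would carry many more rules; one is enough to show the mechanism.
PLAINTEXT_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Any run of base64 alphabet characters long enough to hide a secret,
# with optional '=' padding. Short identifiers are deliberately ignored.
BASE64_CANDIDATE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def scan_plaintext(line):
    """Return the rule names that match the raw line (the naive scanner)."""
    return [name for name, rx in PLAINTEXT_PATTERNS.items() if rx.search(line)]


def decoded_candidates(line):
    """Yield plausible base64 blobs found in the line, decoded to text.

    Decoding is strict (validate=True) and anything that is not valid
    UTF-8 after decoding is skipped, so ordinary identifiers that merely
    happen to use the base64 alphabet do not produce noise.
    """
    for match in BASE64_CANDIDATE.finditer(line):
        blob = match.group(0)
        if len(blob.rstrip("=")) % 4 == 1:
            continue  # no valid base64 string has this length
        try:
            yield base64.b64decode(blob, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue


def scan_line(line):
    """Scan the raw line and every decoded base64 payload inside it.

    Returns a list of (rule_name, evidence) pairs, where evidence is
    'plaintext' or 'base64' depending on which layer matched.
    """
    hits = [(name, "plaintext") for name in scan_plaintext(line)]
    for text in decoded_candidates(line):
        hits.extend((name, "base64") for name in scan_plaintext(text))
    return hits


def scan_lines(lines):
    """Map 1-based line numbers to their hits; clean lines are omitted."""
    report = {}
    for lineno, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            report[lineno] = hits
    return report


if __name__ == "__main__":
    naive = {i: scan_plaintext(l) for i, l in enumerate(SAMPLE_LINES, 1)
             if scan_plaintext(l)}
    print("regex on raw text only:", naive)          # line 2 slips through
    print("with base64 decoding:  ", scan_lines(SAMPLE_LINES))
```

The decode-and-rescan step only covers a single layer of standard base64; hex, URL-safe base64, double encoding or a trivial XOR still get past it, which is the general point of the comment: a blocklist or pattern scanner raises the bar but cannot be relied on to catch every encoding a developer might use.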
      • bleistift2@sopuli.xyz · 4 upvotes · 3 months ago

        You can’t detect all credentials reliably,

        Easy. You check in the password file first. Then you can check if the codebase contains any entry on the blacklist.

        Wait…

        • pfm@scribe.disroot.org · 4 upvotes · 3 months ago

          You were so close! The right solution is of course training an AI model that detects credentials and rejects commits that contain them!