# git-secrets configuration
# Prevent commits that contain secrets

# AWS patterns
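[secrets]
	# Syntax: this file is parsed by git config, so inside a value \" is a
	# literal double quote and \\ is a single backslash (\\s reaches grep as \s).
	# Each pattern is an egrep-compatible regex and is matched case-sensitively,
	# so every case variant that should be caught has to be spelled out.
	#
	# Patterns only block commits in repositories where the git-secrets hooks
	# are installed (git secrets --install). Content already in history is not
	# covered by the hooks; it needs a separate git secrets --scan-history run.

	# Provider command whose output is added to the prohibited patterns.
	providers = git secrets --aws-provider

	# AWS access key IDs: known prefix followed by 16 upper-case alphanumerics.
	patterns = (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
	# AWS secret access key assignments: a 40-character base64-style value.
	patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
	# AWS account ID assignments: 12 digits, optionally grouped 4-4-4 with dashes.
	patterns = (\"|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?(\"|')?\\s*(:|=>|=)\\s*(\"|')?[0-9]{4}\\-?[0-9]{4}\\-?[0-9]{4}(\"|')?

	# Generic secrets: an identifier containing a credential keyword, assigned a
	# quoted value of at least 8 characters. Upper-case and capitalised keywords
	# are listed explicitly so names such as DB_PASSWORD or ApiKey are caught as
	# well as the lower-case forms. Unquoted values and values shorter than 8
	# characters are not matched.
	patterns = [A-Za-z0-9_]{0,30}([Pp]assword|PASSWORD|[Pp]asswd|PASSWD|[Pp]wd|PWD|[Ss]ecret|SECRET|[Tt]oken|TOKEN|[Aa][Pp][Ii][_-]?([Kk]ey|KEY))[A-Za-z0-9_]{0,30}\\s*(:|=>|=)\\s*['\"][^'\"]{8,}['\"]

	# Private keys: PEM/armor header lines. The algorithm label is optional so
	# that PKCS#8 headers ("BEGIN PRIVATE KEY", "BEGIN ENCRYPTED PRIVATE KEY")
	# match in addition to the RSA/DSA/EC/OPENSSH/PGP forms.
	patterns = -----BEGIN ((RSA|DSA|EC|OPENSSH|PGP|ENCRYPTED) )?PRIVATE KEY( BLOCK)?-----

	# Allowlist for false positives.
	# git-secrets reads allowed patterns from the multi-valued key secrets.allowed,
	# i.e. "allowed = <regex>" lines inside this [secrets] section. Keys placed
	# under a [secrets "allowed"] subsection are stored as secrets.allowed.<key>
	# and are not consulted, so do not add them there.
	# A matching line that also matches an allowed pattern is not reported, so
	# keep each entry as narrow as possible (ideally the exact known-safe string)
	# and review additions like any other security exception.
	# Format (placeholder, not a real entry):
	#   allowed = <regex matching only the known-safe string>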
