Added detect-secret pre-commit hook

Author: umarali-nagoor

.github/workflows/validate_terraform.yml

@@ -25,6 +25,9 @@ jobs:
       -
         name: Install pre-commit
         run: pip install pre-commit
+      -
+        name: Upgrade hooks
+        run: pre-commit autoupdate
       -
         name: Run pre-commit command
         run: pre-commit run -a

.pre-commit-config.yaml

@@ -6,12 +6,26 @@ default_stages: [commit]
 # Terraform Validate : Validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc
 repos:
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.45.0
+  rev: v1.52.0
   hooks:
     - id: terraform_fmt
 - repo: git://github.com/pre-commit/pre-commit-hooks
-  rev: v3.4.0
+  rev: v4.0.1
   hooks:
       - id: check-merge-conflict
       - id: trailing-whitespace
       - id: detect-private-key
+- repo: https://github.com/ibm/detect-secrets
+  # If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
+  # You are encouraged to use static refs such as tags, instead of branch name
+  #
+  # Running "pre-commit autoupdate" would automatically updates rev to latest tag
+  rev: 0.13.1+ibm.46.dss
+  hooks:
+    - id: detect-secrets # pragma: whitelist secret
+      # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
+      # You may also run `pre-commit run detect-secrets` to preview the scan result.
+      # when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file
+      # when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins
+      # add "--fail-on-non-audited" to fail pre-commit for unaudited potential secrets
+      args: [--baseline, .secrets.baseline, --use-all-plugins ]

.secrets.baseline

@@ -0,0 +1,85 @@
+{
+  "exclude": {
+    "files": "^.secrets.baseline$",
+    "lines": null
+  },
+  "generated_at": "2021-10-12T12:36:29Z",
+  "plugins_used": [
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "base64_limit": 4.5,
+      "name": "Base64HighEntropyString"
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "BoxDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "ghe_instance": "github.ibm.com",
+      "name": "GheDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "hex_limit": 3,
+      "name": "HexHighEntropyString"
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "keyword_exclude": null,
+      "name": "KeywordDetector"
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "results": {},
+  "version": "0.13.1+ibm.46.dss",
+  "word_list": {
+    "file": null,
+    "hash": null
+  }
+}