Repository Template with Gitleaks Security

This is a template repository with pre-configured secret scanning using Gitleaks.

What's Included

• ✅ Gitleaks GitHub Action - Automatic secret scanning on every push and PR
• ✅ Custom rules - Detects GoCardless, OpenRouter, OpenAI, PostgreSQL, and 140+ other secrets
• ✅ False positive handling - Pre-configured ignore patterns
• ✅ Zero maintenance - Runs automatically forever

Using This Template

Option 1: GitHub UI (Easiest)

1. Click "Use this template" button above
2. Create your new repository
3. Gitleaks is automatically included ✅

Option 2: Clone and Copy

# Copy files to your existing repo
cd /path/to/your-repo
curl -O https://raw.githubusercontent.com/fhalamzie/repo-template/main/.github/workflows/gitleaks.yml
curl -O https://raw.githubusercontent.com/fhalamzie/repo-template/main/.gitleaksignore
curl -O https://raw.githubusercontent.com/fhalamzie/repo-template/main/.gitleaks.toml

# Create workflows directory if needed
mkdir -p .github/workflows
mv gitleaks.yml .github/workflows/

# Commit and push
git add .github/workflows/gitleaks.yml .gitleaksignore .gitleaks.toml
git commit -m "feat: add Gitleaks secret scanning"
git push

What Gets Scanned

Every push and pull request is automatically scanned for:

• API keys (OpenAI, OpenRouter, AWS, Azure, etc.)
• Database credentials
• Private keys (SSH, RSA, etc.)
• OAuth tokens
• And 140+ more secret patterns

What Happens When Secrets Are Found

• ❌ GitHub Action fails
• 📧 Email notification sent
• 💬 Comment posted on PR
• 📊 Detailed report generated
• 🚫 Prevents merging until fixed

Customization

Add False Positives

Edit .gitleaksignore:

path/to/false/positive.py

Add Custom Rules

Edit .gitleaks.toml:

[[rules]]
id = "my-custom-secret"
description = "My Custom Secret Pattern"
regex = '''my-secret-[0-9]+'''

Documentation

For detailed setup and troubleshooting, see the Gitleaks documentation.

---

Template created for automated security across all repositories 🛡️