
secrets-detection

Use when auditing a project for secrets committed to source control, setting up gitleaks, or hardening the "No secrets in source" harness constraint — covers scanning, baselining, configuration, and CI integration
Habitat-Thinking/ai-literacy-superpowers · ★ 35 · Code & Development · score 65
Install: claude install-skill Habitat-Thinking/ai-literacy-superpowers
# Secrets Detection Audit

## Overview

Secrets in source code — API keys, tokens, passwords, private keys — are one of the most common and most damaging security failures. A single committed secret can grant an attacker access to production systems, and git history means the secret persists even after the file is deleted.

Gitleaks is a SAST tool that scans git repositories for secrets using regex and entropy-based detection. It catches common patterns (AWS keys, GitHub tokens, private keys, connection strings) and supports custom rules via `.gitleaks.toml`.

**Critical rule: Never assume a file is secret-free from visual inspection. Run the scanner. Encoded, split, or templated secrets are invisible to human review.**

---

## Audit Checklist

### For every project

- [ ] Gitleaks is installed and available on the path
- [ ] `gitleaks detect` runs cleanly against the current working directory
- [ ] Git history has been scanned (`gitleaks detect` without `--no-git`)
- [ ] A `.gitleaks.toml` exists if the project has known false positives
- [ ] Gitleaks runs in CI and fails the build on findings
- [ ] The HARNESS.md "No secrets in source" constraint is set to `deterministic` with gitleaks as the tool

---

## Installation

```bash
# macOS
brew install gitleaks

# Linux (Debian/Ubuntu)
# Download from https://github.com/gitleaks/gitleaks/releases
# Or use go install:
go install github.com/gitleaks/gitleaks/v8@latest

# Verify installation
gitleaks version
```

---

## Ru
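The checklist above asks for a CI step that fails the build on findings while tolerating a baseline of reviewed false positives. The following added example (not part of the skill page or of gitleaks itself) shows the logic behind that baselining in a small Python CI helper: it reads a gitleaks JSON report, drops every finding whose `Fingerprint` already appears in a previously reviewed report, and returns a non-zero exit code only for new findings, with secrets redacted in the log. The two reports are constructed samples shaped like gitleaks v8 `--report-format json` output; the `--baseline-path` flag of gitleaks performs the same fingerprint comparison natively.

```python
"""Triage a gitleaks JSON report against a baseline of reviewed findings.

Added example, not from the skill page: a finding is "known" if its
Fingerprint (commit:file:rule:startline) is in the baseline report; the CI
step fails only on findings that are new. Field names follow gitleaks v8.
"""
import json

# Constructed sample reports shaped like `gitleaks detect --report-format json`
# output. Secret values are fake placeholders, not real credentials.
BASELINE_JSON = """[
  {"RuleID": "generic-api-key", "File": "tests/fixtures/config.yml",
   "StartLine": 12, "Commit": "0000000", "Secret": "EXAMPLE-FIXTURE-KEY",
   "Fingerprint": "0000000:tests/fixtures/config.yml:generic-api-key:12"}
]"""

NEW_REPORT_JSON = """[
  {"RuleID": "generic-api-key", "File": "tests/fixtures/config.yml",
   "StartLine": 12, "Commit": "0000000", "Secret": "EXAMPLE-FIXTURE-KEY",
   "Fingerprint": "0000000:tests/fixtures/config.yml:generic-api-key:12"},
  {"RuleID": "aws-access-token", "File": "src/deploy.py",
   "StartLine": 40, "Commit": "1111111", "Secret": "AKIA-PLACEHOLDER-NOT-REAL",
   "Fingerprint": "1111111:src/deploy.py:aws-access-token:40"}
]"""

def load_fingerprints(report_json: str) -> set:
    """Fingerprints of every finding in a gitleaks JSON report."""
    return {f["Fingerprint"] for f in json.loads(report_json)}

def new_findings(report_json: str, baseline_json: str) -> list:
    """Findings whose fingerprint is absent from the baseline (newly introduced)."""
    known = load_fingerprints(baseline_json)
    return [f for f in json.loads(report_json) if f["Fingerprint"] not in known]

def redact(secret: str) -> str:
    """Keep only a short prefix so the CI log does not itself leak the secret."""
    return secret[:4] + "..." if len(secret) > 4 else "***"

def ci_verdict(report_json: str, baseline_json: str) -> tuple:
    """Exit code for the CI step (1 if any new finding) plus redacted log lines."""
    fresh = new_findings(report_json, baseline_json)
    lines = [f"{f['RuleID']} {f['File']}:{f['StartLine']} secret={redact(f['Secret'])}"
             for f in fresh]
    return (1 if fresh else 0), lines

if __name__ == "__main__":
    code, lines = ci_verdict(NEW_REPORT_JSON, BASELINE_JSON)
    print("\n".join(lines) or "no new secrets")
    raise SystemExit(code)
```

Because the fingerprint embeds the commit hash, a finding that survives a history rewrite gets a new fingerprint and resurfaces as "new", so the baseline must be re-reviewed after rebases rather than regenerated blindly.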