Add support for server side hooks by ajjl · Pull Request #80 · awslabs/git-secrets

ajjl · 2018-05-15T17:49:00Z

Client side hooks are great, but rely on developers properly setting
them up and not taking shortcuts. Server side hooks provide an
opportunity to enforce security policies at a more global level.

This commit adds an "update_hook" option which can be added as a
serverside update hook. It scans the pushed commits for secrets.

Fixes issue: #79

ajjl · 2018-05-15T17:52:07Z

Please let me know what if anything, I should do for tests.

bjbishop · 2018-05-16T14:30:08Z

This would be really useful! Thanks @ajjl

ramya-ravula-ctr · 2018-05-18T17:46:16Z

can we enforce this on public github or it is only for github enterprise appliance ?

ajjl · 2018-05-22T17:58:49Z

@ramya-ravula-ctr I dont think this works on publicly hosted github. I don't know about github enterprise is set up but I imagine it would work. This is meant for a git server that you have control over. An example would be a self hosted gitlab server.

ramya-ravula-ctr · 2018-05-22T18:17:14Z

Thanks @ajjl for the response. i figured out it's not for publicly hosted github and public github only supports client side hooks.

ajjl · 2018-05-30T18:44:55Z

@mtdowling any thoughts on this feature?

ajjl · 2018-06-28T23:27:02Z

anybody... @mtdowling ?

rix0rrr · 2018-07-17T12:14:48Z

I was looking into this as well, and was wondering the following:

Where do you store your "secret patterns"?

Normally they get stored in .git/config, but that file does not get shared between clones. So where does the server get the list of prohibited patterns?

ajjl · 2018-07-19T19:34:19Z

Hi @rix0rrr
Using gitlab I have the secrets in the .gitconfig file in the home folder of the git user on the gitlab server. I am not sure how it would be set up in other environments

mtdowling · 2018-08-10T17:22:40Z

Sorry for the delay! I was on paternity leave and then dropped the ball on reviewing this.

I've left some comments on the review.

ajjl · 2018-08-10T18:38:31Z

Thanks for the review @mtdowling! I will take a look at this this weekend or next week and get back to you.

ajjl · 2018-08-10T18:48:02Z

Also congrats on your new/bigger family! @mtdowling

Client side hooks are great, but rely on developers properly setting them up and not taking shortcuts. Server side hooks provide an opportunity to enforce security policies at a more global level. This commit adds an "update_hook" option which can be added as a serverside update hook. It scans the pushed commits for secrets.

uleinal · 2018-10-01T16:00:05Z

Wow, I totally lost track of this, anyways, I added the comment into the code, and rebased the branch. Let me know if you want anymore changes before merging @mtdowling

ajjl · 2018-10-01T16:03:49Z

That was me up there logged into my work account. Hopefully not too confusing.

mtdowling · 2018-10-24T20:52:59Z

Everything is looking good here. The only thing that I think is missing is tests. Is that something you can add?

sparr · 2023-06-16T17:27:41Z

I think this is ready along with the tests in #204.

All comments resolved.

sparr · 2023-06-20T23:39:26Z

Close and reopen to trigger tests

sparr

LGTM.
Confirming that new tests in #204 pass.

ajjl changed the title ~~Add support for server side hooks~~ wip: Add support for server side hooks May 15, 2018

ajjl force-pushed the feature/Add-serverside-hook branch from ed2d1d2 to d15da21 Compare May 15, 2018 20:31

ajjl changed the title ~~wip: Add support for server side hooks~~ Add support for server side hooks May 15, 2018

dhoer mentioned this pull request May 17, 2018

git server update hook question #77

Closed

mtdowling previously requested changes Aug 10, 2018

View reviewed changes

Comment thread git-secrets

Comment thread git-secrets

Comment thread git-secrets

uleinal and others added 2 commits October 1, 2018 10:56

Updates README with info for update_hook command

38b48c3

ajjl force-pushed the feature/Add-serverside-hook branch from d15da21 to 38b48c3 Compare October 1, 2018 15:57

xketanaka mentioned this pull request Jan 7, 2022

Add test for serverside hook #204

Open

sparr closed this Jun 20, 2023

sparr reopened this Jun 20, 2023

sparr approved these changes Jun 20, 2023

View reviewed changes

Conversation

ajjl commented May 15, 2018

Uh oh!

ajjl commented May 15, 2018

Uh oh!

bjbishop commented May 16, 2018

Uh oh!

ramya-ravula-ctr commented May 18, 2018

Uh oh!

ajjl commented May 22, 2018

Uh oh!

ramya-ravula-ctr commented May 22, 2018

Uh oh!

ajjl commented May 30, 2018

Uh oh!

ajjl commented Jun 28, 2018

Uh oh!

rix0rrr commented Jul 17, 2018

Uh oh!

ajjl commented Jul 19, 2018

Uh oh!

mtdowling commented Aug 10, 2018

Uh oh!

Uh oh!

Uh oh!

Uh oh!

ajjl commented Aug 10, 2018

Uh oh!

ajjl commented Aug 10, 2018

Uh oh!

uleinal commented Oct 1, 2018

Uh oh!

ajjl commented Oct 1, 2018

Uh oh!

mtdowling commented Oct 24, 2018

Uh oh!

sparr commented Jun 16, 2023

Uh oh!

sparr commented Jun 20, 2023

Uh oh!

sparr left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants