.gitleaks.toml

title = "Gitleaks config with known false positives for identity dashboard"

[extend]
useDefault = true

[allowlist]
  description = "Commits with sample keys or auto-generated keys that have been commented out"
  commits = [
    "5c7649fbe93218eb9f65f52bfcdb6a8aee8c27d3",
    "67314306441027718bd51ff03bb2beea3b47b2fa",
    "cb276714e0e8379d25d7a6942068633a0fb9744b",
    "2bd17a572dc0fb1b620e4f245a35d4f81625d83f",
    "93fa0ee732f5478f0ec3089e37fff01858033431",
    "73b8d4fd7745287844eb95f32b909acd405742b9",
    "aa2626f9c031d6007cc1dd92cb79d912e47e40fb",
    "2febcde39abf4b4917c8bc6ca8fc1797659a3657",
    "2e833558f5470881c3467e6eee7ec1dcbad0b8bd"
  ]
  stopwords = [
  # sample dev keys in application.yml.default, application.yml.default.docker
  # same key with 2 space and 4 space indentation, it's weird like that
  "-----BEGIN RSA PRIVATE KEY-----\n  Proc-Type: 4,ENCRYPTED\n  DEK-Info: DES-EDE3-CBC,3BBA2AE203104123\n\n  OP57tGYQbWtS7uQaTLRjqp+ZvuSp3eOYqHiakpGh/aLZfOrs751y0Qj51b/QXEdV\n  YSRsg7xdm7MIttiYMln23JAU8gBiUGFfDzMC65I+WLDSiHFBVQ7s8aJoU9o4li08\n  1/37pQ3Z2aZ0k4oPKr3iQuilFeCdJ8yFJlZ070SRGyI/8ui2T2UPDmVenF8ZTLJ8\n  nbADZSntQ+qLa0IAi40ADOpcFtIFkhJgYma1dLwngwJS0tF8xUaxoqA/Fd0WXDmp\n  5uuMMmJTF0jhi9XRqe48f9SGNc4yPR32VI7hO9v8eMzoFG1yEwJ7aupIJCzDBuWK\n  ZP06uRZQIzrCALz6OY0c171lQQgnHszbjo+hbeaHtuVzLslhQCjzZW4xPaJOU7vr\n  77XFk5DkNU/bIPGVCfO4MNM4nP0Jlkz0Q0W9KZMv3uj0rm0/YaQtMb4AkBZ9Dofv\n  lR7nH1gQtgJ3/zmeA12Cw1LG8t0f8knLSZpfgYR1pJpk5wiYaOxDxTsL7sxFRj6d\n  CMC1QEwLQrBLW15jd03ruFsUl8YejLuYBziZVrZ/8QlJb2aEAuIOTwG2albVSXvU\n  Zve/R6jDeL/F5AQQKL9x7YwKg68safZZmI+ICSerl1jLjb7hlis1m0KDTYJD+K4t\n  H4cMVOsZBhxzfXmqzTChEj6YrO1QlN7YDpjHpeIYqS6sSdJGDK04h2SGeW84TFEI\n  D3yS0rPa9VM9SbXpmcYrtsL5FOODTcoEPu896V3aFXLn6EdbolwwA+Pz43R6ZkZX\n  DzB3uHcg0s1H5e3Bv2AWGgNZ0AGMnmbkCXhlxDHaWGvgQVSngmokyJm8/RxeS2Gq\n  czIXeO50WsNkuYHoFU0q4lJsM1c3JJunznH5jy7gfP11meJvqv7oNcoPXjXOh0f7\n  w2x33egBGHMxhsBEz1wlKVFCLj6790k8Ufj3b5A4inoETgWyYC0GSK9hMQWp31mO\n  deFQ7sB24YAgFeCr8nW1oNb65th/ByoLT357HerULlYoLDIJt+l/KIYQtq0y2HEK\n  h8OSHn5EIWRE/MbqXubx+pYe5nC5HyEtM/MLE0iYWuUqTdQE5W73hPteaFOP+8W2\n  JEXVpD+ExZ4mZmI6quhVtZ2vAa3yEjIGTqQbisXj8Fh8Ot+1u+RD3Nh4+yEwHt/m\n  lzQ80uwbegWULiOXoeBwMQVY1AZJ17NGfNXyiPlQpHMDs+5GsXVkCMhQ+CwlhgEy\n  8uYesIKurbQIv0VzTZlvBlIvfv31DVskL6i7vf78CKKNAr2PlR5TCWsQGOH7nY7y\n  DImdqbHZps73e2xRsf3uyNTZ7gmjtXCm7pkF0sJRpiJpOOQurO6Qz7P9hgPS3Jbh\n  HU3ZH/F8LNCT+pcObh6gIF8JF/6asJjO2mhT65kf4zeHbt+HRgg1smYEiWyPDraW\n  KnIG040aPpcAo+nEMsET3ryxNFm1WE0fa2/nnnqQy9j7C76uGzNHfWfhnds8VEvV\n  vpiz7cpH3L/iRU1p27YzQoDMuEtms4Z2SRJPVDPv0BQ27wWWo4Kch5aPKQ8oQmjr\n  7hLzuiiCE0QWZSRAgwI5EUqI469aEXxb3tFOvEfrS5VjuzpJ95PjmJqFPCG5C9Pq\n  b7Jv5ZVoWFhuEAR+QJsHclA6hp8DgvE4jERP95f8B6GQac9CDtuR4f3RZE9Bq5xm\n  L3OI8q39rIf1SqZ6zT4hibyA+WEljLIeKmHi4kKZqsrcScF2fnleRmNFng+UQ/JA\n  HnckucPtAiAD1IiymiFdGwwKs8PKn+u8Bml1z/y9AaV04FICcS0DlPJTTFBb6TEU\n  /UXGzRUIKdPrqhLPMgHEjyR54ycyAVq3U61te20QIMxIldML4WQwW0ks2svcoTEZ\n  xQ0BdDt0VLop+dIhsHpswQaDdAnl0z7QnqlgCvDXuQsTxWijxWbOmp1Wtwa7TLiF\n  TjDLly4rmq10gVwOJLTKGF3nRkY4RhB2fgmG+1LJUgtoUdMonGtraBBKMsubh2Na\n  f8JCTbfqpdrhDOnPGdeQBoFetLiqe7Cx2C8S/pgTKbS73NOY2Num7Pp5daWyXYL7\n  MYrdFxKP7yV7NCF7XbEfi3BjQlwtHlMk8VrWokAESPbUTuhAbRvPtq2eMgCRl/Ap\n  LrzaFw1NSkJ8fon8Wd4fHK4jKLu2lldZ8fDz+Vy8DWK4ONbbxOWVG/kBInqt5Lv6\n  cnYFAplZBIsBCV5+RT0bOxvrU2WHecunQ9Q3uNg4+d7ZY7OFIwkNaQHCBjw7TrSt\n  wouUGubpeYnT0reCthiF6UJ1e3BK3BLi5MGsI5/qtwZHm7O7mngLEtbrl9cb/kmn\n  gtVm9kXYdFiTuFVhkNV/tEIc3ePWC8kPInGOuGoF2QMUqi9Lp7qJxADCeUj0BMP9\n  u787SaEhl99MGcHzDme4qM7SJ2K9oAZCfCJ+9OLpkGdKaBuRL4gBo3TcOHNQH20b\n  CvB0lE2VnJg2DG32Lx5MEbgZs9H63X0km0cCCW4fu5dMPoZZ/b8j/elK+PBRKiO3\n  hOjGiWrQBoNNQu/uz6UbtrtyuvCJDTSiDvq8TEwrp3dtl+7YSNdeHdbfWqdSewt1\n  3qaiZ9e+S6zaN7QscuC4f7OsNOLh2SEtE6Xf+yPcyL0pOXj+PiCj+ZgzoEf5AQCw\n  whF9VyNHTAsst5ZMIarSi7dKwelYC1lWVMmRFqGxBFkF/dPj+pZIZot323a9/w7Y\n  OY1q8IwxBVmVEw3oMOeHlEOpWSNafj5aJsFJm94KX4JoOxLD0QGzROWfQYJ5hnOD\n  z0w9VaNMuo0h5fInUvqa8Z5khczq5+8647RBx06JdjvI5bkf8bKllapeykL9QmrH\n  aF+pEcBCMG6amVb2jbmsQVnwkBDGvKqDc+JmsAHZ7z/wXjJ/hb5rMvmjq1GZbj0+\n  39zeBVhtAf9gofQAJadPkEHqjMxB1RAA56rgx0cnw0AUWAeN10GYwDSvw6fyTGna\n  lrfysZawTEtC3sXtfaghYl+zpmkN2HtpuiBQRm3OwYKrrJ6dFgoG6sCVajm1X+eP\n  thBmdYeRTGJrJ1PxYSGBJjKg6ksnmUO9ethzG09Fxt460aZfbIZikEIMtiDirqES\n  fLCnOrXnlA44sn4sHuoSO7gWZcgvkjB6HL8HShOIO3kwbB0tcl8MX8/P4kyE/OCB\n  -----END RSA PRIVATE KEY-----",
  "-----BEGIN RSA PRIVATE KEY-----\n    Proc-Type: 4,ENCRYPTED\n    DEK-Info: DES-EDE3-CBC,3BBA2AE203104123\n\n    OP57tGYQbWtS7uQaTLRjqp+ZvuSp3eOYqHiakpGh/aLZfOrs751y0Qj51b/QXEdV\n    YSRsg7xdm7MIttiYMln23JAU8gBiUGFfDzMC65I+WLDSiHFBVQ7s8aJoU9o4li08\n    1/37pQ3Z2aZ0k4oPKr3iQuilFeCdJ8yFJlZ070SRGyI/8ui2T2UPDmVenF8ZTLJ8\n    nbADZSntQ+qLa0IAi40ADOpcFtIFkhJgYma1dLwngwJS0tF8xUaxoqA/Fd0WXDmp\n    5uuMMmJTF0jhi9XRqe48f9SGNc4yPR32VI7hO9v8eMzoFG1yEwJ7aupIJCzDBuWK\n    ZP06uRZQIzrCALz6OY0c171lQQgnHszbjo+hbeaHtuVzLslhQCjzZW4xPaJOU7vr\n    77XFk5DkNU/bIPGVCfO4MNM4nP0Jlkz0Q0W9KZMv3uj0rm0/YaQtMb4AkBZ9Dofv\n    lR7nH1gQtgJ3/zmeA12Cw1LG8t0f8knLSZpfgYR1pJpk5wiYaOxDxTsL7sxFRj6d\n    CMC1QEwLQrBLW15jd03ruFsUl8YejLuYBziZVrZ/8QlJb2aEAuIOTwG2albVSXvU\n    Zve/R6jDeL/F5AQQKL9x7YwKg68safZZmI+ICSerl1jLjb7hlis1m0KDTYJD+K4t\n    H4cMVOsZBhxzfXmqzTChEj6YrO1QlN7YDpjHpeIYqS6sSdJGDK04h2SGeW84TFEI\n    D3yS0rPa9VM9SbXpmcYrtsL5FOODTcoEPu896V3aFXLn6EdbolwwA+Pz43R6ZkZX\n    DzB3uHcg0s1H5e3Bv2AWGgNZ0AGMnmbkCXhlxDHaWGvgQVSngmokyJm8/RxeS2Gq\n    czIXeO50WsNkuYHoFU0q4lJsM1c3JJunznH5jy7gfP11meJvqv7oNcoPXjXOh0f7\n    w2x33egBGHMxhsBEz1wlKVFCLj6790k8Ufj3b5A4inoETgWyYC0GSK9hMQWp31mO\n    deFQ7sB24YAgFeCr8nW1oNb65th/ByoLT357HerULlYoLDIJt+l/KIYQtq0y2HEK\n    h8OSHn5EIWRE/MbqXubx+pYe5nC5HyEtM/MLE0iYWuUqTdQE5W73hPteaFOP+8W2\n    JEXVpD+ExZ4mZmI6quhVtZ2vAa3yEjIGTqQbisXj8Fh8Ot+1u+RD3Nh4+yEwHt/m\n    lzQ80uwbegWULiOXoeBwMQVY1AZJ17NGfNXyiPlQpHMDs+5GsXVkCMhQ+CwlhgEy\n    8uYesIKurbQIv0VzTZlvBlIvfv31DVskL6i7vf78CKKNAr2PlR5TCWsQGOH7nY7y\n    DImdqbHZps73e2xRsf3uyNTZ7gmjtXCm7pkF0sJRpiJpOOQurO6Qz7P9hgPS3Jbh\n    HU3ZH/F8LNCT+pcObh6gIF8JF/6asJjO2mhT65kf4zeHbt+HRgg1smYEiWyPDraW\n    KnIG040aPpcAo+nEMsET3ryxNFm1WE0fa2/nnnqQy9j7C76uGzNHfWfhnds8VEvV\n    vpiz7cpH3L/iRU1p27YzQoDMuEtms4Z2SRJPVDPv0BQ27wWWo4Kch5aPKQ8oQmjr\n    7hLzuiiCE0QWZSRAgwI5EUqI469aEXxb3tFOvEfrS5VjuzpJ95PjmJqFPCG5C9Pq\n    b7Jv5ZVoWFhuEAR+QJsHclA6hp8DgvE4jERP95f8B6GQac9CDtuR4f3RZE9Bq5xm\n    L3OI8q39rIf1SqZ6zT4hibyA+WEljLIeKmHi4kKZqsrcScF2fnleRmNFng+UQ/JA\n    HnckucPtAiAD1IiymiFdGwwKs8PKn+u8Bml1z/y9AaV04FICcS0DlPJTTFBb6TEU\n    /UXGzRUIKdPrqhLPMgHEjyR54ycyAVq3U61te20QIMxIldML4WQwW0ks2svcoTEZ\n    xQ0BdDt0VLop+dIhsHpswQaDdAnl0z7QnqlgCvDXuQsTxWijxWbOmp1Wtwa7TLiF\n    TjDLly4rmq10gVwOJLTKGF3nRkY4RhB2fgmG+1LJUgtoUdMonGtraBBKMsubh2Na\n    f8JCTbfqpdrhDOnPGdeQBoFetLiqe7Cx2C8S/pgTKbS73NOY2Num7Pp5daWyXYL7\n    MYrdFxKP7yV7NCF7XbEfi3BjQlwtHlMk8VrWokAESPbUTuhAbRvPtq2eMgCRl/Ap\n    LrzaFw1NSkJ8fon8Wd4fHK4jKLu2lldZ8fDz+Vy8DWK4ONbbxOWVG/kBInqt5Lv6\n    cnYFAplZBIsBCV5+RT0bOxvrU2WHecunQ9Q3uNg4+d7ZY7OFIwkNaQHCBjw7TrSt\n    wouUGubpeYnT0reCthiF6UJ1e3BK3BLi5MGsI5/qtwZHm7O7mngLEtbrl9cb/kmn\n    gtVm9kXYdFiTuFVhkNV/tEIc3ePWC8kPInGOuGoF2QMUqi9Lp7qJxADCeUj0BMP9\n    u787SaEhl99MGcHzDme4qM7SJ2K9oAZCfCJ+9OLpkGdKaBuRL4gBo3TcOHNQH20b\n    CvB0lE2VnJg2DG32Lx5MEbgZs9H63X0km0cCCW4fu5dMPoZZ/b8j/elK+PBRKiO3\n    hOjGiWrQBoNNQu/uz6UbtrtyuvCJDTSiDvq8TEwrp3dtl+7YSNdeHdbfWqdSewt1\n    3qaiZ9e+S6zaN7QscuC4f7OsNOLh2SEtE6Xf+yPcyL0pOXj+PiCj+ZgzoEf5AQCw\n    whF9VyNHTAsst5ZMIarSi7dKwelYC1lWVMmRFqGxBFkF/dPj+pZIZot323a9/w7Y\n    OY1q8IwxBVmVEw3oMOeHlEOpWSNafj5aJsFJm94KX4JoOxLD0QGzROWfQYJ5hnOD\n    z0w9VaNMuo0h5fInUvqa8Z5khczq5+8647RBx06JdjvI5bkf8bKllapeykL9QmrH\n    aF+pEcBCMG6amVb2jbmsQVnwkBDGvKqDc+JmsAHZ7z/wXjJ/hb5rMvmjq1GZbj0+\n    39zeBVhtAf9gofQAJadPkEHqjMxB1RAA56rgx0cnw0AUWAeN10GYwDSvw6fyTGna\n    lrfysZawTEtC3sXtfaghYl+zpmkN2HtpuiBQRm3OwYKrrJ6dFgoG6sCVajm1X+eP\n    thBmdYeRTGJrJ1PxYSGBJjKg6ksnmUO9ethzG09Fxt460aZfbIZikEIMtiDirqES\n    fLCnOrXnlA44sn4sHuoSO7gWZcgvkjB6HL8HShOIO3kwbB0tcl8MX8/P4kyE/OCB\n    -----END RSA PRIVATE KEY-----"
  ]

# known working private key rule from default gitleaks config (as opposed to gitlab's rule which doesn't detect key content)
# https://github.com/gitleaks/gitleaks/blob/master/config/gitleaks.toml#L2630
[[rules]]
id = "private-key"
description = "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."
regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*?KEY(?: BLOCK)?-----'''
keywords = ["-----begin"]