NotAShelf/inquisitor

Inquisitor

A simple, minimal secrets scanner that I've created for my Forgejo repositories. It is slightly more powerful than a bash script abusing grep with regular expressions, and slightly less powerful than a full-fledged Rust program.

Using

Add "private" headers and path regular expressions to a configuration.json, then pass --config=path/to/configuration.json to the program.

It is most easily used by wrapping the inquisitor package with the configuration file:

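let
  # JSON configuration passed via --config: header strings to flag and
  # path patterns to skip.
  configurationFile = pkgs.writeText "configuration.json" (builtins.toJSON {
    headers = [
      "AGE-SECRET-KEY"
      "BEGIN OPENSSH PRIVATE KEY"
      "BEGIN PGP PRIVATE KEY BLOCK"
      "PRIVATE"
    ];

    excludePatterns = [
      "*/workflows/sensitive.yml"
      "*/services/forgejo.nix"
      "*/inquisitor/package.nix"
      ".git/*"
    ];
  });
in
  pkgs.symlinkJoin {
    # symlinkJoin requires a derivation name; this one is arbitrary.
    name = "inquisitor-wrapped";
    paths = [pkgs.inquisitor];
    # wrapProgram is provided by makeWrapper.
    nativeBuildInputs = [pkgs.makeWrapper];
    postBuild = ''
      wrapProgram $out/bin/inquisitor \
        --add-flags "--config ${configurationFile}"
    '';
  }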
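
As an added illustration (not inquisitor's own code), the Python sketch below shows what a headers-plus-exclusions configuration like the one above expresses, and why the file that defines the header list has to be excluded from its own scan. The substring matching, the fnmatch glob semantics and the sample tree are assumptions made for the example.

```python
import fnmatch
import os
import pathlib
import tempfile

# Same shape as the JSON generated above (values copied from the page).
CONFIG = {
    "headers": ["AGE-SECRET-KEY", "BEGIN OPENSSH PRIVATE KEY",
                "BEGIN PGP PRIVATE KEY BLOCK", "PRIVATE"],
    "excludePatterns": ["*/workflows/sensitive.yml", "*/services/forgejo.nix",
                        "*/inquisitor/package.nix", ".git/*"],
}
# Constructed sample tree; none of these strings are real key material.
SAMPLE_FILES = {
    "keys/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\nplaceholder\n",
    "secrets/age.txt": "# note\nAGE-SECRET-KEY-1PLACEHOLDER\n",
    "pkgs/inquisitor/package.nix": 'headers = [ "AGE-SECRET-KEY" ];\n',
    ".git/config": "PRIVATE\n",
    "README.md": "nothing sensitive here\n",
}

def is_excluded(rel_path, patterns):
    # Assumption: glob semantics where "*" may also span "/" (fnmatch).
    return any(fnmatch.fnmatchcase(rel_path, p) for p in patterns)

def scan_tree(root, config):
    # Returns sorted (path, line number, header); first matching header per line.
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if is_excluded(rel, config["excludePatterns"]):
                continue  # e.g. the package file that lists the headers itself
            with open(full, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    hit = next((h for h in config["headers"] if h in line), None)
                    if hit:
                        findings.append((rel, lineno, hit))
    return sorted(findings)

def demo():
    # Writes the constructed tree to a temporary directory and scans it.
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_FILES.items():
            path = pathlib.Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return scan_tree(root, CONFIG)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Without the `*/inquisitor/package.nix` exclusion, the file holding the header list would be reported on every scan, since it necessarily contains the strings being searched for.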

About

Minimalist secret scanner for Git repositories
