Git plugin that helps prevent sensitive data from being committed by sniffing potential commits against regular expressions from a local .githound.yml file.
It runs the output of git diff -U0 through the Hound, which matches every added or modified line against your provided list of regular expressions. This runs in O(m*n) time (where m is the number of lines and n is the number of patterns), so be sure to commit often. But you should be doing that anyway, right?
To install Hound, please use go get. If you don't have Go installed, get it here. If you would like to grab a precompiled binary, head over to the releases page. The precompiled Hound binaries have no external dependencies.
go get github.com/ezekg/git-hound
Alias git add inside ~/.bash(rc|_profile): (optional)
alias git='_() { if [[ "$1" == "add" ]]; then git-hound "$@"; else git "$@"; fi }; _'git hound add <files>
git add <files> # When using the optional alias above| Flag | Type | Default | Usage |
|---|---|---|---|
-no-color |
bool | false |
Disable color output |
-config=file |
string | .githound.yml |
Hound config file |
-bin=file |
string | git |
Executable binary to use for git command |
Please see Go's regular expression syntax documentation for usage options.
# Output warning on match but continue
warn:
- '(?i)user(name)?\W*[:=,]\W*.+$'
# Fail immediately upon match
fail:
- '(?i)db_(user(name)?|pass(word)?|name)\W*[:=,]\W*.+$'
- '(?i)pass(word)?\W*[:=,]\W*.+$'
# Skip on matched filename
skip:
- '\.example$'
- '\.sample$'