From bd196d25ad620b9fc647ec0b38b730e64dba94a3 Mon Sep 17 00:00:00 2001
From: Karan Jariwala
Date: Thu, 22 Jun 2023 14:27:52 -0700
Subject: [PATCH] Add secrets check as part of pre-commit
---
 .github/secrets/exclude.yaml | 2 ++
 .pre-commit-config.yaml | 10 ++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 .github/secrets/exclude.yaml
diff --git a/.github/secrets/exclude.yaml b/.github/secrets/exclude.yaml
new file mode 100644
index 000000000..d2c8bb6d9
--- /dev/null
+++ b/.github/secrets/exclude.yaml
@@ -0,0 +1,2 @@
+.git/.*
+docs/source/_static/js/posthog.js
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index fcbc96008..e9fd4ead3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -97,3 +97,13 @@ repos:
 entry: yamllint
 language: python
 types: [file, yaml]
+ - repo: https://github.com/trufflesecurity/trufflehog.git
+ rev: v3.40.0
+ hooks:
+ - id: trufflehog
+ name: secret scan
+ entry: trufflehog filesystem ./
+ args:
+ - --only-verified
+ - --fail
+ - --exclude-paths=./.github/secrets/exclude.yaml
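Review bot: The two entries in `.github/secrets/exclude.yaml` are read by `--exclude-paths` as newline-separated regular expressions, and as written they are unanchored with unescaped dots, so `.git/.*` also excludes any path in which some character is followed by `git/`, for example a directory named `legit/`. Anchoring them, e.g. `^(\./)?\.git/` and `^(\./)?docs/source/_static/js/posthog\.js$`, keeps the exclusion to the two intended locations; the optional `./` prefix is a guess at how paths are reported for a `./` scan root and should be checked against the scanner's output. The file is a regex list rather than YAML, so a `.txt` name would be clearer and would keep it out of the `yamllint` hook shown in the second hunk (`types: [file, yaml]`). The reason `posthog.js` is exempt is not recorded anywhere in the commit, and since anything later added to that file is never scanned, it belongs in the commit message or the contributor docs.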
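Review bot: With `--only-verified` in the `args` of the new hook in `.pre-commit-config.yaml`, a commit fails only for credentials the scanner could confirm as live against the issuing service, so secret types it cannot verify, and presumably any candidate found while the developer is offline, are not blocked. A comment beside the flag such as `# blocks only credentials verified live; unverified findings pass this hook` would make that limit explicit, and a CI scan without the flag would cover the gap. `entry: trufflehog filesystem ./` scans the whole working tree, untracked files included, while pre-commit appends the staged file names by default, so `pass_filenames: false` under the hook states the intent and avoids repeated batched runs. `rev: v3.40.0` is a tag; pinning the commit hash (`pre-commit autoupdate --freeze` writes it) keeps the hook from changing if the tag is ever moved.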