A pre-commit hook to ensure that users don't accidentally check-in unencrypted files into a repository that uses sops to safely store encrypted secrets.
By default, any file with the word secret
in its path is required to
be encrypted with sops
. This means any files under a directory
named secret
are also required to be encrypted. If you want to exempt
specific files or directories from this requirement in your repository,
use the exclude
option in your .pre-commit-config.yaml
. When pushing
secrets to a repo, better safe than sorry :)
Add this to your .pre-commit-config.yaml
:
- repo: https://github.com/yuvipanda/pre-commit-hook-ensure-sops
rev: v1.0
hooks:
- id: sops-encryption
# Uncomment to exclude all markdown files from encryption
# exclude: *.\.md