How do we mark potentially secret objects as safe in a repo? #161931
I'm working on a tool that interacts with various types of private and public key files, and I have generated a number of them for the purposes of unit testing to be done via GitHub Actions. However, I'm concerned that Secret Scanning will flag them as dangerous and prevent pushes. I'd like to enable Secret Scanning to check for actually dangerous situations, but I need to be able to mark these files as "safe" ... I know that this discussion has probably happened a hundred times and I hate to be 101, but either search has gotten worse or I've gotten worse at it, and I'm coming up blank. Thank you!
Replies: 2 comments 3 replies
Hey, GitHub Secret Scanning flags real-looking keys, even for tests. You can avoid issues by using mock keys (fake but valid-looking), or move them to paths excluded from scanning. Sadly, there’s no official way to whitelist specific test files.
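
An added example, not part of the original thread: a `.github/secret_scanning.yml` that excludes test-fixture paths from secret scanning, which is the "paths excluded from scanning" option the reply mentions. The directory and file names are hypothetical; `paths-ignore` is the key GitHub documents for this file.

```yaml
# .github/secret_scanning.yml (committed at this path in the repository)
# The paths below are hypothetical; substitute the repository's own fixture locations.
paths-ignore:
  # Throwaway key pairs generated only for unit tests.
  - "tests/fixtures/keys/**"
  # A single fixture file can also be listed by its full path.
  - "tests/data/sample_private_key.pem"
```

Keep the patterns as narrow as the fixtures require, so that a real key committed anywhere else in the repository is still scanned.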