Prevent module maintainers from leaking secrets
>>>
[!note] Migrated issue
<!-- Drupal.org comment -->
<!-- Migrated from issue #3561125. -->
Reported by: [prudloff](https://www.drupal.org/user/3611858)
Related to !435
>>>

<h3 id="summary-problem-motivation">Problem/Motivation</h3>
<p>I ran trufflehog on a partial list of Drupal modules and found a few secrets (API keys, access tokens) in old commits.<br>
They have been reported and revoked but it shows maintainers sometimes commit these by mistake (and often overwrite it with a force push without realizing the old commit can still be found).<br>
It would improve security to automatically scan repositories for secrets and warn maintainers.</p>

<h4 id="summary-steps-reproduce">Steps to reproduce</h4>

<h3 id="summary-proposed-resolution">Proposed resolution</h3>
<p>It seems GitLab has a feature that does this: <a href="https://docs.gitlab.com/user/application_security/secret_detection/">https://docs.gitlab.com/user/application_security/secret_detection/</a></p>
<p>Another solution would be to add a tool like trufflehog or gitleaks to the GitLab CI template.</p>

<h3 id="summary-remaining-tasks">Remaining tasks</h3>

<h3 id="summary-ui-changes">User interface changes</h3>

<h3 id="summary-api-changes">API changes</h3>

<h3 id="summary-data-model-changes">Data model changes</h3>

> Related issue: [Issue #3547431](https://www.drupal.org/node/3547431)

**Tasks**

- [x] Decide which types of pipeline the job should be added to. All including MR pipelines
- [x] Decide what variables to use - ~~Gitlab's own (no), or our `OPT_IN` (no) and/or~~ `SKIP_SECRET_DETECTION` (yes)
- [x] Decide when the job should be automatic and when manual. Always automatic if opted in.
- [x] ~~Make the job end amber or red when a secret is detected~~. (not possible and also keep the output)
- [x] Replicate in Drupal 7 templates
- [x] Documentation - [new page in issue fork doc site](https://gitlab-templates-3561125-470bb5.pages.drupalcode.org/jobs/secret-detection/)
- [x] Downstream testing in GTD
- [x] Commit secret to downstream branch before merging this MR
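The shape the resolution above describes, as an added `.gitlab-ci.yml` example that is not the drupal gitlab-templates project's own job definition: it includes GitLab's built-in Secret-Detection template, runs the `secret_detection` job automatically in every pipeline type (branch, tag and MR) unless the project sets the `SKIP_SECRET_DETECTION` variable chosen in the task list, and turns on GitLab's historic scan so a secret that was later overwritten by a force push is still found. `SECRET_DETECTION_HISTORIC_SCAN`, `GIT_DEPTH` and the `gl-secret-detection-report.json` report name are GitLab's documented names; the rule layout, the full-depth clone and keeping the raw report as a downloadable artifact are this example's assumptions.

```yaml
# Added example, not the drupal gitlab-templates project's own job.
# Assumes GitLab's built-in Secret-Detection template and the
# SKIP_SECRET_DETECTION opt-out variable chosen in the issue above.
include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml

variables:
  # Scan the whole git history, not only the latest commit, so a secret
  # that was later overwritten by a force push is still reported.
  SECRET_DETECTION_HISTORIC_SCAN: "true"
  # Full clone so the historic scan actually sees every commit
  # (assumption: the project otherwise uses a shallow clone).
  GIT_DEPTH: "0"

secret_detection:
  # Automatic in every pipeline, including MR pipelines, unless a project
  # opts out by setting SKIP_SECRET_DETECTION to any value.
  rules:
    - if: '$SKIP_SECRET_DETECTION'
      when: never
    - when: on_success
  # Findings land in the JSON report (shown in the MR / Security tab); the
  # job itself stays green, matching the struck "amber or red" task above.
  # Keeping the raw file as an artifact preserves the output for review.
  artifacts:
    reports:
      secret_detection: gl-secret-detection-report.json
    paths:
      - gl-secret-detection-report.json
    when: always
```

Because the report is only a warning and not a pipeline failure, a maintainer who sees a hit still needs to revoke the credential and rewrite or purge the history, which is the same follow-up the reporter describes for the secrets found with trufflehog.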