Secrets¶
No credentials should be committed to this repository.
Local checks¶
detect-secrets scans repository files through:
make secrets
The baseline is reviewed project state, not a place to hide known credentials.
Additions to .secrets.baseline must be reviewed before commit.
If a secret is found¶
- stop using the exposed credential;
- rotate or revoke it at the provider;
- remove it from the working tree;
- decide whether history rewriting or public disclosure is required;
- update tests or examples to use placeholders that are clearly fake.