# This is an example configuration to enable detect-secrets in the pre-commit hook.
# Add this file to the root folder of your repository.
#
# Read pre-commit hook framework https://pre-commit.com/ for more details about the structure of config yaml file and how git pre-commit would invoke each hook.
#
# This line indicates we will use the hook from ibm/detect-secrets to run scan during committing phase.
repos:
  - repo: https://github.com/ibm/detect-secrets
    # If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
    # You are encouraged to use static refs such as tags, instead of branch name
    #
    # Running "pre-commit autoupdate" automatically updates rev to latest tag
    rev: 0.13.1+ibm.61.dss
    hooks:
      - id: detect-secrets # pragma: whitelist secret
        # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
        # You may also run `pre-commit run detect-secrets` to preview the scan result.
        # when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file
        # when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins
        # add "--fail-on-unaudited" to fail pre-commit for unaudited potential secrets
        args: [--baseline, .secrets.baseline, --use-all-plugins]