chore: add detect-secrets pre-commit hook and baseline file

[ogabrielluiz]

Summary by CodeRabbit

• Chores
  • Added automated secret scanning to the project’s pre-commit checks.
  • Introduced a baseline configuration to help detect and manage potential secrets in the codebase.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

A pre-commit hook for secret scanning using the detect-secrets tool has been added to the configuration. Additionally, a .secrets.baseline file has been introduced, containing the baseline configuration and detected potential secrets across the codebase. No changes were made to code entities or existing configurations.

Changes

File(s)	Change Summary
.pre-commit-config.yaml	Added a pre-commit hook for detect-secrets with baseline configuration for secret scanning.
.secrets.baseline	Added a baseline JSON file listing secret scanning plugins, filters, and detected potential secrets.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant Pre-commit Hook
    participant Detect-Secrets

    Developer->>Pre-commit Hook: Initiate commit
    Pre-commit Hook->>Detect-Secrets: Run scan with --baseline .secrets.baseline
    Detect-Secrets-->>Pre-commit Hook: Report potential secrets (if any)
    Pre-commit Hook-->>Developer: Allow or block commit based on scan results

Loading

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-pre-commit-key

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.secrets.baseline (2)

3-88: Validate plugin configuration.
The list covers a broad set of detectors. Review and remove any plugins not relevant to reduce noise and scanning overhead.

---

89-128: Review filter rules.
Consider adding filters (e.g., for docs/, src/backend/tests/, or other generated assets) to further suppress false positives in documentation and test data.

.pre-commit-config.yaml (1)

28-29: Limit secret scanning scope.
Optionally add a files: or exclude: pattern (e.g., \.(py|js|ts|yml|json)$ or exclude docs/) to speed up checks by focusing on relevant file types.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9c25245 and 4252f67.

📒 Files selected for processing (2)

• .pre-commit-config.yaml (1 hunks)
• .secrets.baseline (1 hunks)

🧰 Additional context used

🪛 Gitleaks (8.26.0)

.secrets.baseline

134-134: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

144-144: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

154-154: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

164-164: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

174-174: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

184-184: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

194-194: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

204-204: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

214-214: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

240-240: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

260-260: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

268-268: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

278-278: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

286-286: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

294-294: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

302-302: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

310-310: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

320-320: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

330-330: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

340-340: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

350-350: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

360-360: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

370-370: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

380-380: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

388-388: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

398-398: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

408-408: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

418-418: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

428-428: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

438-438: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

448-448: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

458-458: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

468-468: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

478-478: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

488-488: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

498-498: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

508-508: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

518-518: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

528-528: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

538-538: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

548-548: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

558-558: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

568-568: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

578-578: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

588-588: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

598-598: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

608-608: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

618-618: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

628-628: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

638-638: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

648-648: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

658-658: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

668-668: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

678-678: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

688-688: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

698-698: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

706-706: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

714-714: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

722-722: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

732-732: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

752-752: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

762-762: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

772-772: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

782-782: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

792-792: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

802-802: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

810-810: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

820-820: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

828-828: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

846-846: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

856-856: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

866-866: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

874-874: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

884-884: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

894-894: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

904-904: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

914-914: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

924-924: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

934-934: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

944-944: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

954-954: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

964-964: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

974-974: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

982-982: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

992-992: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1000-1000: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1008-1008: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1018-1018: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1026-1026: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1036-1036: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1044-1044: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1054-1054: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1064-1064: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1074-1074: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1084-1084: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1094-1094: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1104-1104: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1114-1114: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1122-1122: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1130-1130: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1140-1140: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1150-1150: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1160-1160: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1170-1170: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1188-1188: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1198-1198: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1206-1206: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1216-1216: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1224-1224: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1232-1232: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1242-1242: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1252-1252: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1262-1262: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1270-1270: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1278-1278: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1288-1288: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1296-1296: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1304-1304: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1314-1314: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1324-1324: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1332-1332: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1342-1342: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1350-1350: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1360-1360: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1370-1370: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1378-1378: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1388-1388: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

1398-1398: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (4)

.secrets.baseline (3)

1-2: Confirm baseline version consistency.
The "version": "1.5.0" matches the detect-secrets hook rev (v1.5.0), ensuring compatibility between the baseline and the tool.

---

129-1405: Audit baseline results.
Thousands of potential secrets are recorded; verify each entry is a false positive ("is_secret": false) and confirm no real credentials slipped through.

---

1405-1406: Confirm generated timestamp.
The "generated_at" timestamp is correctly recorded to track baseline updates over time.

.pre-commit-config.yaml (1)

24-30: Integrate detect-secrets pre-commit hook.
The new hook is properly pinned to v1.5.0 and references the baseline file for consistent secret scanning.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud