Update to use grep -F to find secrets -- it prevents special characters in secrets being interpreted.

2025-12-14 11:42:22 -06:00
parent 31992aa487
commit f00f95a689
1 changed files with 1 additions and 1 deletions
--- a/precommit-hooks/find-passwords-in-files
+++ b/precommit-hooks/find-passwords-in-files
@@ -31,7 +31,7 @@ fi
 IFS="
 "
 for i in `ansible-vault decrypt --output - ${ANSIBLE_VAULT_FILE} | sed 's/\s\?-\?\s\?[A-Za-z0-9_]\+://' | grep -vE '\||password|^\s\?$|#|https://' | sed "s/^ \+['\"]\?//" | sed "s/[\"']\s\?//" | sort | uniq`; do
-    grep -rl "${i}" . 2>/dev/null
+    grep -rlF "${i}" .
    if [ $? -ne 1 ]; then
        echo "A secret starting with $(echo "$i" | cut -c 1-7) was found in the files above."
        exit 1;