Use a different secrets?

[siennathesane]

This is what the cloud.gov team uses instead of gitseekrets, it's been much more effective in the long run. Figured you might want to evaluate it.

https://github.com/cloud-gov/caulking

[jadudm]

It looks like the setup path would be:

1. Checkout that repos.
2. "make install"
3. Profit!

This would be easy to automate, and the base setup assumes homebrew. So, yes, this should be straight-forward. Oddly, because TMTWWTDI, much of what the Makefile does could just be a playbook in the laptop setup script.

I'm not in a good position to eval whether others would want to switch from git-seekrets (being new). But, it looks imminently/easily doable to work it into the laptop setup rewrite.

[pburkholder]

Much of what's in that repo is also for the audit feature cloud.gov needs. I'm not going to convert caulking to use Ansible because I can't assume that all team members will want/need Ansible installed, but I know they all have Make.

A playbook could be great though it we can get all of us using the same .toml configuration, whether that configuration is in this repo or is over in caulking.

[jadudm]

I voiced it, but didn't mean it. That is, I think pulling the repos and building "as is" makes sense, because it lets it continue to live as-is, but it can be integrated into the Ansible build in this space without loss of generality.

I'll build it in; it can always be made optional/user configurable. I don't know who would be the right person/people to talk to about whether keeping git-seekrets (in 18F land, if it is a different land) matters.

I'll sketch something out in a branch and poke this issue when it goes in.

[pburkholder]

Have you read this issue: 18F/laptop#185 ?

The right people to talk to are Alyssa, Aidan and John on the TTS Tech Portfolio team, and they've already landed on gitleaks as the replacement.