Commit 5b6598c

feat: Add trunk rule to detect mParticle API keys
1 parent f388d11 commit 5b6598c

1 file changed

Lines changed: 25 additions & 0 deletions

.trunk/trunk.yaml

@@ -35,6 +35,31 @@ lint:
3535
- shellcheck@0.11.0
3636
- shfmt@3.6.0
3737
- trufflehog@3.90.6
38+
- mparticle-api-key-check # Custom rule to prevent mParticle API keys from being committed
39+
definitions:
40+
- name: mparticle-api-key-check
41+
files: [ALL]
42+
commands:
43+
- name: check-mparticle-keys
44+
output: pass_fail
45+
# ──────────────────────────────────────────────────────────────────────
46+
# Matches:
47+
# us2-[32 hex chars]
48+
# us1-...
49+
# us-...
50+
# eu1-...
51+
# Any two lowercase letters + optional digits + hyphen + exactly 32 hex chars
52+
# ──────────────────────────────────────────────────────────────────────
53+
run: >-
54+
sh -c '
55+
if grep -E "(?i)[a-z]{2}[0-9]*-[0-9a-f]{32}" "${target}"; then
56+
echo "ERROR: Possible mParticle API key detected in ${target}"
57+
echo " Format: xx...-[32 hex chars] (e.g. us2-, eu1-, us-, au4-, etc.)"
58+
echo "API keys should never be committed to version control!"
59+
exit 1
60+
fi
61+
'
62+
success_codes: [0, 1]
3863
disabled:
3964
- yamllint
4065
ignore:
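
Review bot: the pattern on the `if grep -E "(?i)[a-z]{2}[0-9]*-[0-9a-f]{32}" "${target}"` line starts with `(?i)`, which is Perl-style inline-flag syntax. POSIX extended regular expressions have no inline flags, so `grep -E` does not read it as "ignore case" and the rule may not fire on a real key. Drop `(?i)` and pass `-i` instead (`grep -Ei`), then confirm the rule triggers on a file containing a dummy key in each of the listed prefixes. Two smaller points in the same command: the comment block promises "exactly 32 hex chars", but the expression is unanchored, so a longer hex run preceded by two letters and a hyphen also matches; add boundaries around the pattern if exact length is the intent. And `grep` without `-q` prints the matching line, which copies the suspected key into the lint output and any CI log that captures it; `-q` keeps the check to the exit status and the three `echo` lines.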
