From 58dfc42cc315f6058c54bc388eeb47f91ca8f826 Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Fri, 17 Apr 2026 08:53:35 +0000
Subject: [PATCH] use gitleaks
---
 .gitallowed | 46 -----------------------------------------
 .pre-commit-config.yaml | 11 +++++-----
 2 files changed, 5 insertions(+), 52 deletions(-)
 delete mode 100644 .gitallowed
diff --git a/.gitallowed b/.gitallowed
deleted file mode 100644
index 3f84755..0000000
--- a/.gitallowed
+++ /dev/null
@@ -1,46 +0,0 @@
-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
-github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
-token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"?
-id-token: write
-self.token = token
---token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\}
---token=\$GITHUB-TOKEN
---token="\$GITHUB-TOKEN"
-"accountId": "123456789012"
-accountId: "123456789012"
-"AWS_ACCOUNT_ID": "123456789012"
-console\.log\(`access token : \${access_token}`\)
-.*CidrBlock.*
-.*Gemfile\.lock.*
-.*\.gitallowed.*
-.*nhsd-rules-deny.txt.*
-.*\.venv.*
-.*node_modules.*
-.*\.whl
-sha256:[a-f0-9]{64}
-.*\bversion\s*=\s*"[0-9]+(\.[0-9]+){2,3}"
-.*platform_system\s*==\s*\\?"Linux\\?"
-.*=\s*\[\s*".*\(?[><=!~^]+.*\)?.*"\s*(,\s*".*")*\]
-.*=\s*"[><=!~^,0-9\s\.]+"
-app = App\(token=bot_token\)
-token=bot_token
-token="test-token"
-token: slackBotToken
-token: props\.slackBotToken
-secretValue: JSON\.stringify\(\{token: props\.slackBotToken\}\)
-token = slack_event_data\["bot_token"\]
-client = WebClient\(token=token\)
-client = WebClient\(token=slack_event_data\["bot_token"\]\)
-context accountId=123456789012
-.*:sample_docs/.*
-token = get_bot_token\(\)
-"AWS_ACCOUNT_ID": "123456789012"
-def from_token
-token = os\.getenv
-password: \${{secrets\.DEPENDABOT_TOKEN}}
-token = result\.stdout\.strip\(\)
-token = cli\.resolve_gh_auth_token\('explicit-token'\)
-token = cli\.resolve_gh_auth_token\("explicit-token"\)
-token = cli\._get_or_create_gh_auth_token\(\)
-token = cli\._get_or_create_gh_auth_token\(\)
-assert token ==
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4383a23..1b865f6 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -75,15 +75,14 @@ repos: types_or: [sh, shell] pass_filenames: false - - repo: local - hooks: - - id: git-secrets - name: Git Secrets - description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories. + - id: gitleaks + name: Git Leaks + description: gitleaks scans commits, commit messages, and --no-ff merges to + prevent adding secrets into your git repositories. entry: bash args: - -c - - 'git-secrets --pre_commit_hook' + - "gitleaks git --pre-commit --redact --staged --verbose" language: system fail_fast: true
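Review bot: With `language: system`, the new `- id: gitleaks` hook runs whatever `gitleaks` binary is on each developer's PATH, so the detection rules, and whether the `git --pre-commit --staged` form is accepted at all, can differ from machine to machine. Consider the upstream hook with a pinned revision instead, e.g. `- repo: https://github.com/gitleaks/gitleaks` with `rev: <pinned-release-tag>` and `hooks: [{id: gitleaks}]`, or state the minimum required version in a comment above the hook. The `description:` text is carried over from git-secrets; with `--pre-commit --staged` the scan appears to cover staged changes only, so `description: gitleaks scans staged changes for secrets before each commit.` would be more accurate. The patch also deletes `.gitallowed` without adding a gitleaks allowlist, so it is worth confirming that the formerly allowlisted placeholders (for example the `123456789012` account id) do not now produce findings that push contributors towards skipping the hook. The `repo:`/`hooks:` entry this hook now joins starts above the hunk, so which repo block it lands in could not be checked from here.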