From cbaf74de0e7b85c40a4a537fadad653b7c825aaf Mon Sep 17 00:00:00 2001
From: William Carroll <wpcarro@gmail.com>
Date: Thu, 20 Aug 2020 11:53:14 +0100
Subject: [PATCH] Setup git-secret

This morning I'm attempting to secure my monorepo. How?

- `git secret`:  DONE: To version-control sensitive data
- `git secrets`: TODO: Lint code for sensitive data

I will probably update the CI to call `git secrets --scan` or some similar
command to fail when that exists non-zero. I have much to learn, but doing is
the best way to learn it.
---
 .gitignore                   |   2 ++
 .gitsecret/keys/pubring.kbx  | Bin 0 -> 6799 bytes
 .gitsecret/keys/pubring.kbx~ | Bin 0 -> 32 bytes
 .gitsecret/keys/trustdb.gpg  | Bin 0 -> 1200 bytes
 .gitsecret/paths/mapping.cfg |   0
 5 files changed, 2 insertions(+)
 create mode 100644 .gitsecret/keys/pubring.kbx
 create mode 100644 .gitsecret/keys/pubring.kbx~
 create mode 100644 .gitsecret/keys/trustdb.gpg
 create mode 100644 .gitsecret/paths/mapping.cfg

diff --git a/.gitignore b/.gitignore
index e7ee823e5..911fce105 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,5 @@ node_modules/
 /configs/.config/fish/fish_variables
 /website/blog/public/
 /emacs/.emacs.d/tramp
+.gitsecret/keys/random_seed
+!*.secret
diff --git a/.gitsecret/keys/pubring.kbx b/.gitsecret/keys/pubring.kbx
new file mode 100644
index 0000000000000000000000000000000000000000..692d5c67b04b379a63d59fe3b322735f382586a7
GIT binary patch
literal 6799
zcmZQzU{GLWWMJ}kib!K%U|@*13v2^n5F3J}@|hUHtWyjOk`ozN7-Z_&CrPcD6X-YD
z@yN&HOKpz!TFdu<%mJzT<okrx{pb6bkX0YTq#{#aik43EV_;yg0m;1zw-=C^d#1BT
zWx+SOJF~N%O|;v|z`zgzl50Hi-)H;HHqSZw7h4OK&G@Kt<I+b428I%l90LObBLfcu
z1Jf%81_ouY2s;A{m?naN`DP{)FH5B5&4Y{r4A*WwtYNZpJG#C8)NZGyr^VB^U*piS
z-#d-XuXBaG-l==Lcjq$l?wZ8dAE;V%=-AQC-YYL^<;UHgYCL7>qSHq+T!MN3thEX}
z`N~n=XWQ;cynH&gQc)p0i<VFN)*zn#n`h#;M<xunl1@CCu27t8qHVdZJ;b!G!RYR<
zb1srMrfskF3+WHuyg<!X__oK}lx_}7DgB#<PB#x~9$de-r;;~AXdCMd%VL*J%30ri
zm9l>9yZ$j!{!Zm=6W7lEe5)UxF(Utuo{SLWy3%Q9knrbV$<EVDX5X7r6_=IxX{Vbr
z!=Hjp``37UQcka&@n^%#7iY{Y)|_!Ya8vk5#|QcAOuo5H?iYPFo-LTtzAIf;srX>t
zn{Q6ula-B+3+Pq7vwC@T?p}$7SL_P5$GwR3+P#xEDCp#xI^TH@3wx74p3&RB`~9gG
z>Vn}nmPWqI-qe3$*5!DKx1Jr^k2bdVtqQrpvRuxI<Nfa0ky|!pNDF=mw&G+II;1OO
zBy(R@YK5k!N$kbxyY%kd(8<-?`Mk*H>S4_jyQQ_RmT+zi>9VWXV4A)2dxE;^j-;7W
z&T_Ek)YKYvUSA;OTjlkpYW3Zc`A_5C2A(nO2+Tbu=k(6?!F2TshrZ6qOJ9Dd^w;|)
zZmOId+TtUp|E?m)_LgPtJ%<$~w!89fa0q_*UR_kE`SGFE9iauhi>_4txVJoiD}x{-
z1LFoB28Q&4bV%A}*rFVsnUj;5n5*ENSX7jslcQi$UXTo8I;7_&X6EQ6=jYl%wJ<?a
zT_;lri!dVxgPoWn3$`r5$^=SoOw!D(oSbQl4XoUp9PCVNq8yxD+)ONDOw5c-a*Ryk
z4GdhI0<c^pmCyfIOl$wl<#V4zpP1Lwq%AQ&ql1<E^RJyNOA_u+h+0#grp4E|_>7Zx
znA`Fny%~B%llD*HT=B=WA@9D|zv*wSUhKbA$Cb9dJ?zr_1jnxR+~1~6^J%&<>(s&O
zog!biD4Q(IyR_o|o?lBO>)K=9&G{T$a*;!+dfpEMg`z0tx2opSHk&d^dh%XBTa?f2
zSX_Ey&i=a>r(M@O&syxi`Sy3ew<k9<UbKFDFTio(-kO}v+tgIkT7|yxe)Mn4n>P8?
z<~v8T{p9UFPmheObLF^c*%}f3<xgfvdR#~GeZ9Byg{N&kuEr5wd&S`5<@?U5)w+zY
z#ij+nDb<X<eypeWv02=ncbTcqN#0RwSIlsAFMc`2zi`3I4Gm^4mH&PVD*Ue6<tX!2
zz3oljLOyM6JFO7DZ;upg4ykk;>lSO@Iq%)}m_8Q6H?OzpTM3#PihT6G?sxvnvXUn4
z<iO%DnrhD_`5tedn6`6<5R=;>uZT54k$Y_C-<h%EujQOI)dr^~7P@WMR$*{@veb&>
zbU)j6MNx&5cAVu3=IS9a7Tt4`Y{EIz+(YbIG`$lJzhCEf&V9|PPj|vMae69Um>3Wj
zKZEm!^UjR+75iD#FDxl9n)2@0yt;!HP9+@k+1Krpcz-T-+Zl%V6JZA3o4q?XG88Oc
z<te}6@od&lkA7CAq_1?I`0GLscbV1$Wk<Q1l7dSc*ch183(^@n8I4&47&#bZ#S~fi
z1y^>q&+Fd(_uwNlm-o?eZ8Dt8S(zf&?JEGK9+-&00}h5+2IqbsnfvknoN616-Wgig
ziqGf2KXqZru?<Z3-kG}^7<V0JK2^RiO>=|ji79y>lv(N+!!EaR<+)E?e(iLH?b0R3
zbd<P!ll7v57o6qd*y-@D<l2!}l}qRR+nM&}h9y&AjYQKf(G}XZx?d~ZHy)X{EhNgg
zyHKff(~PPaa*B=@@4Ym5{rDQ2_qjwB<#bn>%O~%2AJwU5xRA;Hj)x)e_tM!qX5ue?
zZwm0a`sVQM)5a_guaE8QN+{sk*^p3Wa((Za5U$Gt0t@$sv{*)EN7aO?70G|`p0CDK
z7PW;f{qK{{Srz^gld@VlKJ_llF}7T{Qst$6a_01wnfoj381`jmT+i(`-@pdW)eN0X
zh|m-MsjnOH{&ZTVhToPu8=`%F%=(kY$`rZpoIWV@U?K`!0t|<(9JX)NzJBWSLCK>H
zyN<t_F>&wfb7pNP-rhZv5%0=!RQ=#vv8|KcXWP$y>%g%vJ@;?n;tgVX$FzEb4C78s
z*?w(D-|^K;mm5zvxS-c@lw(PoSo)#RI1_OecKy<Q+`Wc6Mdw!Ey}hL9@T98pkJl!i
z)%p}28@K<?7WL|kOH04p%}Nkiw86jpf}veqc#ovnn{#5RZ5dy6cBm+Na{LVSU-^|!
zXF-$k?hL7{IQ{7QS7}VD6F8SNJBB_}-94LSPQ-WCf6h-Q6#Deva?3OhZG2(4)rC>T
z_2bXLl06oETO|+n_-<Gj^y*4z+oZbtm35r^$`-Gh{)_pzSH*RGA@*mN9gnw(RMv00
zY}s-tHepqZW(Ui{l}TY4e?A<Oy&1YtWa9Hzz5gSP?6=NruFLzq_2Q*zO}=tp-I@0-
zD0A=nU%h+r|Bl~RBm8cyP>Ory5cZN^k-g`!?#Ew@JMJjl{~NBWa);?)&7G)iPLa%-
z^|o9IUejMPxjlLI%F*s~S4hINjSZF?TihQURywqKofpHxd1}uC?UdClMBWMQ?s#&N
zJ#w~*_a{S5oo4Ci5<c<B=R3OoWqFr5#lH;<Iu$v&Na(}${<&-BG(TRdJcB1!QB)}D
zP}be4_u{-vr?^H<duD2|;>U>{+avZ&Vsem`PQSEo?S_`Uxi3{)dA=^+G?QsYM3iOK
zg!h@B-PK{KXD6bqu&280m&ZNbC;b=QQgZ*coflWwb6rt2<Ih3k$E_Q;IIq8~z4d!@
z(EJaLCl)&Nm|Q7ko|eaYGvl^2cjEtJIa{2$?<f{*`zQMAn4;G52fvQ&Oj>hvP3Zj8
zF4<4BTs1CB9lm_0FYe3MyYm_kIByS`_&oB_L-oWHr|UId?wGB)U-zGgxz5vMo+WwK
z(f6v=_KR`+dm3B#;QjC2Hy7q+XHD6VW+&-=esLS)YwN5^_9=&CZ!@d73EWhkQPH_)
z>#y05T2y^=l%?HYPoLhm{Qq9rPg_@SDS3R+huL!O%WuyvSrs3#zQ_BnW@YNCn=Agk
zsS!?-T)+Ni^^TZ{ze`TPI-e-O^pw5CZONOREt%^NY+~r{+B9|cM0L|GTTb8OJ=QFE
zS#i4}m-vMn%X~wc|C;W|??1C%&QGz(N4d&^Z9_!+?j=2eZIKo~l(bwvYOXnQpJ$Gj
zpv!KzQi=3^E#Di1!fzf~(UcsR=)JmZveA-79{0SNSbi}~YF{h6uVAXXaX5>@?n6p1
z<aYDA1?V>(JDZg)q`ACh(lLFvu0J()PV2Z{YF?Sg_<^(V;;cY{-HbvnB1@dhbpE$5
zw|jTO-ul^o#yw7Tt-f0ve?Gp=_)Igf?v;W6p<Tu4KcwTH7}uRnTdU-hysE0({Enki
zTCQ?trnR=!54BA9^--^N9`1N2-I?Jj!<zr^{)XS;-@$E#P9_@`2}TYEH3C&V52UIG
z6)VS~4dZ-2{(pvBH%UZxS6}<Xa42^*>%Tib{g0b9Zm7?y`#IZIYvaO-Qq#-x&IPh~
zPPMHmW=@{V!JLtqwWIIP_U&B$nx`i_oGX~~aP_5MoVQvJe`@<GWuUDx<DN*Sv_{M6
zk6POuq*dZ$rwgp`3*Nov%uAc1LQdh!Uh{r@x#Uz@R`zkaa7UwPTuOhjd-xVd?sso^
z=iNzqbbLK;g5_ed3U$_nysAG;w{zSmpA;Co`SXdI58S=6JAYMduxyu`FSYVRYVxAi
z#qT8<yc~;CxYlh5x%K<&joW(v`o0Iv%Kg>&b&+l9+$BHeZG6eE9h_y8?yz0^>mR4i
z@^^O<)Sh_Mt+JUFEmjq;{Yf`0_pe3!Zp%=;)b@%g>8*Pf?Vn>c$@zVdZ`kVFFaJc{
z$a$d8rMl^Ex?qcAYuDjv-Is4?I?C+d<PyhpKQY8=`^ukw{Mys(mh4|(c1gm;;l|Co
z6Jt*+x!R?uo;Y@5`Ge*^@dkTN%y@r2_`sR-2D2o?Bc6Nlw1peSe>?Dg&WZDHzh=i*
zmh$cL?LC>iV=n&!{&Hqpqo7~+1uK^Q&vCs}Q8BTOW5&*@cMjU+OXXC^sVS&$ukC)%
zG4c3@_j5i7eW|n9dLyJ^jq>G34u4*Sh`;=uy>sJ2{h7%V*IYUsAfkJ_rHms^;&qkx
zu52du3jO)dMWkP|Y&>1IQE8!rqsZH?Ti<SF$_2x!ba1g^cP@refZ-}*c>OWa1G*c|
zhj%J=OFdolQ(t}g1M5g34zDAXtiIcJUwtLM`Op7Z_9>I}7u?<}%<@EZ8vnNmhQ~M7
zDgWDc{Fro%s%5@LpS0_LmnBiPxyj#+VpEE?_1=)WH6^4&ed97e^GPLVPPQ7JxalWy
zes#d2R0FTe8Ta|s!kxeVd$s!6n$3c~zcyX_b#=qB>)c;+VmTTd4HjBYy)#Qu=9I~?
zoB1#2OuYQ#dg9y5v(;}%EN-ayU({=D?DOHrp=+k+W1jnP{QfY5b?Ut}R@J_<7;n@#
ztJJ%$<lnT+EMUR~?as%_9~!C_pS<b1dDZ5Jes?y-Kj59Vqog}O-db<UX{o0Fkqg@r
z)<p{cW!@?G)N|(4q`Rv!R&C~Wiq3I4Z89@aSd&ZH{YRchvhr2_eo5EHRfl&3&kNtQ
zB(*3bYkJhH7^9#0Y&`7RTaK+U=-_=8EKu5%I;FWY?5u&$oSvMGzSqRHKQ+#|eA`>#
z*B6m@smC>V<d*YxscrRm`$J)3mFyDtRQBmFs=paObdQ==UVD0PnVW6*B`=q=V)teF
zbOL;96!cjG3$yMQ&TQk{DYat82Uex%@-|I-zSz4FFZp$^W(eQA{BLjl6N9sC)B67L
zT@TKamS1t}``5mY_6ZmEsrzhLTe4)9L`;FdbH+Q%1wL~;9asKtDY*IDp}qgap`gRO
z9_wn}lw9ka7zrs>Sc(W0D|Y8%n53B?#R`)HC%mU{utb4H652Y%)~{w|inKcy11gAM
zJ#G1H0fv)qyBe&PtaOOJ^w03-_l&YOd7C6%U$rCC+;#qVuX`V1=E!>M!6R?Oi-sz*
zRkRn2AKsRJ;=$$P-+t}C8B(<MV0yj!o=219zb-kN{AH=Hv{US<7418D&AMk_E0M68
zIxS^)_msVUTVHlQv^j8ffs2)6iP-~*Y!AV|?9mBcMS{f_+0UEqoN8G9YjrMjw5Onv
zAHSibRLWA;m-i<6IHpFozrEIy9TjMk9O}7Fc!tW8V{DQE?db{zyEz|R6bg5!yRcp;
zviyyY(MOg?O%42sZ2{#sPQKUCy0)~n)4FQ@B8h$GS7&GETK_%Ib~EZpxKnhgiQ$}$
zR!SU8Djq7ax<+}vxA5k266<}m?bX|s9-VDrPkZ$yRN535uW_5alPlc*RIH+`i`zDf
zd^wf{6ZRW_c3n8<|MZSy`}Z#G*tk09`ln;Xuh(z7xuT^{efj;x;{O^?`A2-7sdP;<
zV6&<JpNSm(N&52Z&uuanpT?l`q4T$Z_@ZNhf_mj$Ut*bmZTtHzck4Py@!9%Eoc9$~
zs@9+1ZS?JQ*In%?ddq}%8m&A0ayDb{DT~;XdM2{b!Qq@UvRv0hh`&oWS{wf|;Dh8T
zza?K<e_y}x`b*{CGcA)3olEW%`tm+|<vD&O-K5GcqoZ#wvtIq0nH4E?z&ONoovOgx
z<!oKX$5`LB-#p@F>A-p4;{Ai-C{5cS5n}`X|Cw`dZ<||uMg0P&SbgK{^%F1UaJ|~K
zaq&vGJu<2?T_=j8zr2pz@OHPZ<g(~%`+L4>ajjtB`WKva^WaIFS-xfgnv0h%IIR^i
zxkEtD^~J73tXod+IxXz7b@d(P1=HeYiDoNL*wXgyvBICH*Y@9Zxu{jJI%oP)w%<8V
z7kg$%DZTxXzw*hdm_x5+5)wr&cuH-0zw6WKS<|PAl#0IGeW<qL=PQr45ZRTFXKfIS
zp0WP=W;f}wT*;^Z)|iz^=iZoAZm;lYtK*x^mp8WDd2X1cDLlDR-^3_pdhL-NeTNHI
zZ~h&*hFx&OB(?vnK2@KWd3=0(A^W=FxtwDxJe*Ri^Q`_du37fXf4S$Cz-@6?oV1QH
zOWn?2;A~S@;ZPZRTESy(#|iUw`ZB`57b+}K_0f`>{v-RfvI)C&p`(zBO(!c)%1Wzs
zD<@Td(PA)c*X*29*>u@=-kku|AM&f-2Zn5uQQo|x^t!`p<ux<?*$(NhcTI6_W(Zvp
zu|qMuqTAl#kBt554KmK#Zh2bhs?NR5XVR>apL+k%^F2$CPpJ~*J^O#zM7_pmn(;C(
zvI~3PPyAY6^sp@LZwlLtTPM_R&1au?!bxND-YpgX1Q%NGF_}2C!B$JJcae(dt|uYc
z&*vSAaQPRXyX4k~bKjHiu`d=co!>8UgFl*oQtCI$xz1H>$DX|}_nq?PR{5IyMi(!l
zRYs2)1sLvLR@D^Px=3XCX6ujLSqpNWDOuJ^pZmTm<+(<nMaM1Up5j|KXBvH9Zhb*E
zR9&%2Zo?IYUZWq;!k1M9S1Nv5T-lmg68pF=aMjVcPli`m;?E`7#q<2Q%p7P^$!5%!
zwCv-BOO0VSF4?VQ+qgT#IDUJZLTsMHkD|kK6iV6q?tVL<DR=B@vtNg>rM4o!N5r?U
zUpCoBJX~=uV@=I!{;IcfTK~T9S7dhGaU#t8Qkb>Xvi8mC+QHq0r)#B)vn2HIo_zM0
zxw5jk`O$6@$9Y|{`DzvAQ{uj#l6~~@{#s+HGp8*Tb^o)m*l+*H)%mC@rSKlh>lG#w
zWG`HClW%V+t2imap)R~rdP3N4j}!W)>-$TzWv_|IE?Uss;O76u)a&_*x4LKFaqZYN
z=P_%hM!-BbhfMQng$v?))e}xHykT>A;?85vsylYY1g6^Ye>ze>w|Dm;$8~*-A+P_m
zKlpCUu&49bgp7TLzEMqVm)E!O{=dYNEik{PdB#ik&+j%(+kcidGdY?6b?vej+VO{1
z&Xv2ab?4LcTZcTvk8<f`cy3@*__|eyzf<Z*Ybndt8}Gxu@q}gg@P}p1I`$ypa(GX<
z?LooS@uxi<Jhb9d<oTWV<Xqb!F5vJ+#C_h5Cc*ygO&?buzw;#5yghlv?nO6`N5&^q
zZ*V%Vq;_Na3-6RLvBIOQKYcU<46h~#Ln<S}ZCtx^kC~*gv~hbE2{0^KncDF<=GVD?
zqdN>1b06QibB^P~CxaIaw>!CHPFS2!RZ=mkJ6gNe>0D?1eUAbq*4KII^Nwnr6nIcl
z(_HmV(yx5Q)rF1;$A8rEWCb}Yg>Use_Q$OA!u{yfO&5P|l28x&=)B>p^J0&qf@bFL
zlYa$F33mH=bYrUf>)^x(@#YRiB2N=JU)r-ZXB=U9FD?3)e`?s(-s&3+yVbQNZt%Cs
z8Jln}UZvQZ{Y>c6*B$$xT*~0P@y}RTU>eK$`@1e)GkVasBkHej#DmM1i&~CyahPrK
z)8|P4&+vzFMv=+_-yLk1(k6?W9Qb#WY3<6#g~A(e`?6WHt*NYikk9AvVErz`A8R(d
z7w5%1yuhjU%)^D>ymC=ThN?`0P|>Y&(fj3gqMyTVEOOy|RU>14CgD=!ttb<H<1Yqm
zuT&+{uJfLss?ni%$!ekLe$nzzv&8tWc~4k9!L|DO>EFF4zVjbXpPykI|0l-%9<!DH
z{#}iqYWEm(1@wn!U$ER=;N$)`yz@ojpQPUt=T_BDxYjc9Ylo_gJ@@{D%7?jfj%C&!
zwEh_Uqc-hN)Y4B))2#K)v||p2oT)CBpZ&Z3!Zf#!_Zj=8E_>V5rafi!TJW{{e9rkT
z=R?n_3h8`)s^Ip<zsO>0nQTimdrm^i?`P4;Hw6PtpO}g(t*q@8J(z2%W$RMUs_}9v
zi;!I^?;aULSh3Q{B+sJ3$icwL$`rZ(nFEt7GpG>)>kUo%FTl`ICg%S}A&D{Y;#=l~
z%S+D}%}bo4Xen;_$KlJn1seknrf^9)&MiBoZ#cC}sq0R?>&b;hH81j%mVJ?8z5dYT
zMoG!Sy~i839KT%qj7PVG>1SGJL(kki6R+?4)p#U0_|8|I3RD)_onT*7FIn>Bb=>m(
zS0j=P+f0^-s@!pwP${mRsdF#?K}7wB*6q5YthZQRD{i`VYfe^%`$Co!mrOo~GbOv`
zUYV%K@o7(@OaDPzZmrx+PSYpei`ltMEJ;Q0U25d2=kfgYM>S+Sa`P8|{p1v981~w1
zqA{<z8|S=v8oCF6N5?PxU1L~SUgN|oZsxUu_0+0^hc|MEM*LQ6?)UsqoLTG~?WAAw
z`&8ni*6aww7kn=hrT7a2EhDaey>jwx9&bhH{1e=3*t=KTO|#F~-ShJ-#|+_kzPjp6
zhLdl#xjwaDnq!k4pmj@a<9?|x`oYFb++LX$^^Cr!p4n@^Z3!uPEFyDo(i0tnG8x_p
z3_dqCcZ+34>VNP(lwnxq;pwG)TEEz8#W!<3bHgJO;;TDUzKVo@|Hjm)$>q=e@yaUO
z`|H^rrW+<anQUJ^by3`k%L-ZLURVG8U&^7O#5n)v!r=AYGoJbDc6|LARrBZA^0_W0
z^%K2+9XpsCU-8e=h`%>rkIZ#F6~EoPmN{MydV6mAW3$(B?ZLGxKNclDO1S!Lv0zlv
f^Pdi|loGx_eamhe!LK*IRo{K;us~V5+JP4U*Kk&?

literal 0
HcmV?d00001

diff --git a/.gitsecret/keys/pubring.kbx~ b/.gitsecret/keys/pubring.kbx~
new file mode 100644
index 0000000000000000000000000000000000000000..c0a748ce2c37a0225e18f72cf81dd13d23ef6e79
GIT binary patch
literal 32
fcmZQzU{GLWWMJ}kib!K%U|@*13v2^n5F3O6MA-yb

literal 0
HcmV?d00001

diff --git a/.gitsecret/keys/trustdb.gpg b/.gitsecret/keys/trustdb.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..369485be0624d934e8792ed59755130e548976db
GIT binary patch
literal 1200
zcmZQfFGy!*W@Ke#Vql233v6S+4j8$xi(`n6s>28pu)t`zfP(>p7!4PUAOQ=Eh6^|t
GFbDvMZUg23

literal 0
HcmV?d00001

diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg
new file mode 100644
index 000000000..e69de29bb