From c9a6f0e0923152ff572c12234361c39c63902504 Mon Sep 17 00:00:00 2001
From: Jose
Date: Sat, 14 Feb 2026 10:01:44 +0100
Subject: [PATCH] =?UTF-8?q?chore=20=F0=9F=93=A6:=20Update=20Gitleaks=20con?= =?UTF-8?q?figuration=20and=20README?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add `--config-path .gitleaks.toml` to pr-check.yaml and create a new `.gitleaks.toml` file with allowlist and rules for security scanning. Rename 'API utilities' to 'Utilities' in the README.md table.
---
 .gitea/workflows/pr-check.yaml | 1 +
 .gitleaks.toml | 30 ++++++++++++++++++++++++++++++
 README.md | 2 +-
 3 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 .gitleaks.toml

diff --git a/.gitea/workflows/pr-check.yaml b/.gitea/workflows/pr-check.yaml
index 63c652d..d967e7d 100644
--- a/.gitea/workflows/pr-check.yaml
+++ b/.gitea/workflows/pr-check.yaml
@@ -26,6 +26,7 @@ jobs:
 - name: Run Gitleaks
 run: |
 gitleaks dir . \
+ --config-path .gitleaks.toml \
 --redact=10 \
 --verbose \
 --exit-code 1
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..d866f68
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,30 @@
+title = "Gitleaks Config"
+
+# ==========================
+# Allowlist / False Positive Rules
+# ==========================
+# [[allowlist]]
+# description = "Ignore placeholder secrets in README.md"
+# filepath = "README.md"
+# # Add all placeholder-like patterns that trigger false positives
+# regex = "cafebabe|deadbeef|DB_PASSWORD"
+
+[[allowlist]]
+description = "Ignore badge URLs in README"
+filepath = "README.md"
+regex = "https://img.shields.io"
+
+# ==========================
+# Rules
+# ==========================
+[[rules]]
+id = "generic-api-key"
+description = "Generic API Key"
+regex = "(?i)(api[_-]?key|secret|token)=\\S+"
+entropy = 3.5
+
+[[rules]]
+id = "sidekiq-secret"
+description = "Sidekiq Secret"
+regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
+entropy = 2.5
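Review bot: The new `.gitleaks.toml` has no `[extend]` section, so once pr-check.yaml passes `--config-path .gitleaks.toml` this file replaces Gitleaks' built-in ruleset instead of extending it, and the scan shrinks to the two rules defined here. Add `[extend]` with `useDefault = true` at the top so the default rules keep running, and rename or drop the custom `generic-api-key` rule: a rule with the same id as a default rule overrides it, and this regex (`=`-separated only, no `:` or quoted values) is far narrower than the built-in one. The allowlist block also does not follow the documented schema — Gitleaks reads a single `[allowlist]` table with `paths` and `regexes` arrays, so `[[allowlist]]` with `filepath`/`regex` keys is likely ignored or rejected at load time; confirm against the Gitleaks version installed in the workflow, since newer releases also accept `[[allowlists]]`. A rewritten header follows; the two `[[rules]]` entries are unchanged apart from the id rename.
```toml
title = "Gitleaks Config"

# Keep the built-in rules; this file only adds to them.
[extend]
useDefault = true

# Global allowlist: paths and regexes are both regex arrays.
[allowlist]
description = "Ignore badge URLs in README"
paths = ['''README\.md''']
regexes = ['''https://img\.shields\.io''']

# … unchanged: [[rules]] entries (rename id "generic-api-key" so it does not override the default rule) …
```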
diff --git a/README.md b/README.md
index 1a9a5d9..0e32586 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@
 | Swap handling | ✅ | ✅ | ✅ |
 | Logrotate protection | ✅ | ✅ | ✅ |
 | Powertop auto-tune | ✅ | ✅ | ✅ |
-| API utilities | ✅ | ✅ | ✅ |
+| Utilities | ✅ | ✅ | ✅ |
 ## 📂 Directory Structure