# Gitleaks configuration. Only the two [[rules]] tables at the bottom are
# active; the allowlist and general-rule sections before them are commented out.
# NOTE(review): no [extend] table is visible here. Unless `useDefault = true`
# is set elsewhere, Gitleaks' built-in rules are presumably not loaded and the
# two rules below are the entire rule set — confirm.
title = "Gitleaks Config"

# ==========================
# Allowlist / False Positive Rules
# ==========================
# Disabled. NOTE(review): Gitleaks v8 documents allowlists as `[allowlist]`
# (`[[allowlists]]` in newer releases) with `paths` and `regexes` arrays.
# `[[allowlist]]` with `filepath`/`regex` may not be read — confirm before
# re-enabling.
# [[allowlist]]
# description = "Ignore placeholder secrets in README.md"
# filepath = "README.md"
# # Add all placeholder-like patterns that trigger false positives
# regex = "cafebabe|deadbeef|DB_PASSWORD"

# [[allowlist]]
# description = "Ignore badge URLs in README"
# filepath = "README.md"
# regex = "https://img.shields.io"

# ==========================
# Rules
# ==========================
# Disabled general rules (no file scoping, entropy floors 3.5 and 2.5).
# [[rules]]
# id = "generic-api-key"
# description = "Generic API Key"
# regex = "(?i)(api[_-]?key|secret|token)=\\S+"
# entropy = 3.5

# [[rules]]
# id = "sidekiq-secret"
# description = "Sidekiq Secret"
# regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
# entropy = 2.5

# ==========================
# File-specific entropy overrides
# ==========================
# Intent, per the comments here: raise the entropy floor for README.md so
# documented placeholder values are not reported.
# NOTE(review): the rule key Gitleaks documents for file scoping is `path`
# (a regex), not `filepath`. If `filepath` is ignored, both rules below run
# against every file and the 5.0 floor applies repo-wide — confirm against the
# Gitleaks version in use.
[[rules]]
id = "generic-api-key-docs"
# NOTE(review): this table defines a detection rule, but the description is
# worded like an allowlist entry; it presumably labels any finding this rule
# reports — confirm the wording.
description = "Ignore placeholder secrets in README.md"
# Case-insensitive match on api_key / api-key / apikey / secret / token,
# then "=" and a run of non-whitespace. The only capture group wraps the
# keyword, not the value after "=".
# NOTE(review): if this Gitleaks version scores entropy on a capture group,
# the value is never what gets measured — confirm, or capture the value.
regex = "(?i)(api[_-]?key|secret|token)=\\S+"
filepath = "README.md"
# Entropy floor for a match to be reported. A hex-only value cannot exceed
# 4.0 bits per character, so 5.0 likely suppresses real hex tokens as well as
# placeholders.
entropy = 5.0 # high threshold, placeholders won't trigger

[[rules]]
# NOTE(review): same id as the commented-out general rule; rule ids are
# presumably expected to be unique if that rule is ever re-enabled.
id = "sidekiq-secret"
description = "Sidekiq Secret in README.md"
# Matches a shell `export` of BUNDLE_ENTERPRISE__CONTRIBSYS__COM followed by
# "=" and a non-whitespace value.
regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
filepath = "README.md"
# The commented-out general rule for this pattern uses 2.5.
entropy = 5.0