Hound is a Git plugin that helps prevent sensitive data from being committed into a repository by sniffing potential commits against regular expressions.
Upon commit, it runs the output of git diff -U0 --staged
through the Hound, which matches every added or modified line against your provided list of regular expressions from a local .githound.yml
file.
To install Hound, please use go get
. If you don't have Go installed, get it here. If you would like to grab a precompiled binary, head over to the releases page. The precompiled Hound binaries have no external dependencies.
go get github.com/ezekg/git-hound
Alias git commit
inside ~/.bash(rc|_profile)
: (optional)
alias git='_() { if [[ "$1" == "commit" ]]; then git-hound "$@"; else git "$@"; fi }; _'
- To build for your operating system, simply run
go install
from the root of the project directory. - To build for all platforms using
goxc
, rungoxc -pv=0.5.2 -d=releases/
.
git hound commit ...
git commit ... # When using the optional alias above
These flags should be included inside of the git
alias, if used.
Flag | Type | Default | Usage |
---|---|---|---|
-no-color |
bool | false |
Disable color output |
-config=file |
string | .githound.yml |
Hound config file |
-bin=file |
string | git |
Executable binary to use for git command |
Please see Go's regular expression syntax documentation for usage options.
# Output warning on match but continue
warn:
- '(?i)user(name)?\W*[:=,]\W*.+$'
- '\/Users\/\w+\/'
# Fail immediately upon match
fail:
- '(?i)db_(user(name)?|pass(word)?|name)\W*[:=,]\W*.+$'
- '(?i)pass(word)?\W*[:=,]\W*.+$'
# Skip on matched filename
skip:
- '\.example$'
- '\.sample$'