From cbaf74de0e7b85c40a4a537fadad653b7c825aaf Mon Sep 17 00:00:00 2001
From: William Carroll <wpcarro@gmail.com>
Date: Thu, 20 Aug 2020 11:53:14 +0100
Subject: [PATCH] Setup git-secret

This morning I'm attempting to secure my monorepo. How?

- `git secret`:  DONE: To version-control sensitive data
- `git secrets`: TODO: Lint code for sensitive data

I will probably update the CI to call `git secrets --scan` or some similar
command to fail when that exists non-zero. I have much to learn, but doing is
the best way to learn it.
---
 .gitignore                   |   2 ++
 .gitsecret/keys/pubring.kbx  | Bin 0 -> 6799 bytes
 .gitsecret/keys/pubring.kbx~ | Bin 0 -> 32 bytes
 .gitsecret/keys/trustdb.gpg  | Bin 0 -> 1200 bytes
 .gitsecret/paths/mapping.cfg |   0
 5 files changed, 2 insertions(+)
 create mode 100644 .gitsecret/keys/pubring.kbx
 create mode 100644 .gitsecret/keys/pubring.kbx~
 create mode 100644 .gitsecret/keys/trustdb.gpg
 create mode 100644 .gitsecret/paths/mapping.cfg

diff --git a/.gitignore b/.gitignore
index e7ee823e5..911fce105 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,5 @@ node_modules/
 /configs/.config/fish/fish_variables
 /website/blog/public/
 /emacs/.emacs.d/tramp
+.gitsecret/keys/random_seed
+!*.secret
diff --git a/.gitsecret/keys/pubring.kbx b/.gitsecret/keys/pubring.kbx
new file mode 100644
index 0000000000000000000000000000000000000000..692d5c67b04b379a63d59fe3b322735f382586a7
GIT binary patch
literal 6799
zcma)91yEe=k{yNt26uN4?rwv-1%kV~2Y1&H2o_v}2KON$Ko~UG1Sdd%kl+$rm%M*d
zZ)@vS?RM3z>f8N&RrhwCK7ASh0MH;H0D!7826liaGndqk{qy|s|1mOmAi}@AQ2>B6
z4FCdAgvO<l)#YnzypjHVGE^Zxm?B1<{B(lm&#6=OEhNS3BNN@4V?8oM+a1D}SsG7a
z@jtm;eJLD@g7Ji8hT;pVl{}~IG|8@~u)&{P#PFk9$6~B<KG$@N$Ge;phJ~4vr?AhT
z+>;>yFaQAH?vqFVuXmKE@A!Y(-@kba!~_|NEcPMb0Oppy2LnYF20Ow=p)!#_yt6yz
zz^qaqvXC_rs;D_fSD{c>1kCPqgj8)tuYTBIi)!^WtGn59CSOKH>DZuyoDSyQdr|F?
zU1@5yc4#^#7P|zQk#3h)W%@-pvHdMZ+QkMxV99EDE1SmKnx9RiK2BF4G@SR_&4e83
zLRLqJhHk1(OEHrK{<6}6O%hmyjBAlcX0eZ@ui-;-0Hy<8JJN!Pw_G#5)1^9{)78iM
z6GQ5ifINQrgj9FYD`gXc$H5T;T(qwVlH3+|eLh`d<$0_5fo4vYr(FuNfIE-o-a4gI
zdi#K!yT-S_#s!7z#^paP;(v}mrk)3?y8;!b)tbI|WW;sbQ_^|&x$R%bsJ@}+8^YlX
zJQUrTE%-oE@>SBK!|a!#3bYIJ`SX#wQ1!y^o+;KR<D4DPqtRc?xcUnfhKJ70sl&N&
zbCLt)c(#qExK}m03!q9W8SoJ_&#<-GfgJZtM-&wSub+d0mtu{QtcpdM-*h^=n{#D>
z-IcTJr<eHb0Lw6xoORX*wMjQo(!Wu_x$Dw`nX%LAZN?Wcl1p$1Z^C>ro_e6leqil4
zpQ0aT2ioI2@!GC1Dw#w1^=xK;$g6}m6+6cPnw%HJ0`%4|qSdIl4*j1?EQz?TLaKZu
zy4@DQxW|`4UY;x`-$hsOiZM&S241aJy0-yv5da8{Pl&Sju>S|!fL3~aM;8}IOII3M
zOD`{X7Z)0FKM(6aF2vr|($R&}+TB(1zpnuQL0$q-7le-h21pXog8oxWAOZit4M>iN
zgo<j15RQb73Pu4U6M|9E(19Q#AR+>g3IRwQ4nRZ2`P)Tg?%4N4ti5k53$~1h3nL@h
zNQxZdk<fqNbXEIUti3j>^Rr{ciYObGQPoqZyh?H4^h)o|K&`qH2zOgkdB{Ex{na}Y
zie}dlr#Dk%A)VNOevy@>7P*i++85MCaNbJKU*a}XwbpY}P8u3#a+v>H$7dQ$7gTt~
zP2**Rc)%z`F5c|mlkB#)UFwb~?fr5%zxUg8);#AVlDB5d@}<VXNDIQW*ukonbjgQc
zmzH)WM!Oii3(OPEShuV<yDck&&KlH`zq1VuL*>DXA~6QWXLpXe_Ga<kYn%r~_*pGO
zOkn+xuiVq{HCfvr4un0TES>$AET;3Y<djW8vz|joTUjerqxV%g@`~O&8JeEO)s5kT
zasdywxHPwc-O?22%(44!C0J~1lB~K|7aKI<{S5K2B%-*k!ov=eS0JAKy>>29Tmc?}
z6V-W*$+LGpk!;r5-e)XKKS{ARJJRgBa`1o({VE1^&kcJdidJ%}?nUzJg1AT1JQX_F
z7yvR`6{6s=ROAj?LYfgtR6iOaW?d8Eqyj5(eK3=vu4FWes>Q%jy~c!M-RS9xelw~v
z-Bg;EnRyQCm28(oTvacKd8*vcE8`GW7}_T+;{z^2ssBiFG-2944lp0q<4$T(O=tpm
zl+`FxH*V%3oo-wQ+Spgirrk^>qx-V1(@RqY`*_SWA_EYga0y62-~-`2!He<<Uf8(R
z32}u<(EGj(LAfJivsen$$|rc$fAsi+p1%>Cbub{8d*b$U!O2>FkT^Ichjq?-(*0<3
zsvOn`Ts;($=jKZsKpge^Xvfk>IGo{jOb-f0(1XXKxhZB=&W-s?RFuQm>Cn`zIgNFS
zzo3D;AcsD4pLYW)@*leF_7_Be+QB4|-Go(a5*+6NicOyj+jWijl04}WnsWkksA#39
zS9iGgHs_F4CoCE0?d2)pBP&UR>_LDjNAyDsfc9-g9=jm%uiIuVwb}iF<uN`GWDnMr
zXyJj@6>bs8KmTD|7Y&YsQ}RJKTExiNDEI}F7xkHH5fjkYs1@1%e(SfBza~k#Qw;bt
zrNo6#q`sPAN6OkUJNj*}za-$Jqr<#wlF(E2{&Y1U0r>Cg;a_uc7#xk+IX=^9U1>B{
zyUM+@d#c{Y39diY`x~J_!vPG4LOPn*=0|_`kq(A;5AEipeb}22j2%AsHtt|94;p0d
zJ0NO%qnIa^cK`vG*t_0)mNgQ&!B|tC^O%ihbj)?W8mg_R<jdxs;*1{zm&X#>_rEaX
zCkCN#z5Ixt!o%)0QTuJV+-o2`(C=g}?F;Lvv8h?_N-J}a!%W55Hzx~%(nd|cDIUpC
z{bW+X{Rtx5Sch}=P6k?K@bwGL>T@ji;z&NI1DTT<mvPvx9gy)gYI&6Oi)}_|9w^`7
z66rzq$7@fu)FlN+z84X{c-rI;801f`wS9VoU$v3;C95}<Jm3BLA~rpAEg%&2qi<PF
z_6_2YivK(p9?CXcdMK74AgmcK5<O#TQ4`G)4=Sm)(sQ^whEXoQC?QDuxtsE6$Sc+M
zHY(KZwrzSQD^i{6ToLhOv9Ds{V-U3LG5&VeKx3(j&TJQ=w}VZKlDx@ra)Z#hLbG<S
z&%v+)><eBoYL_uYWC@c%vrx(20V-^5?@CMlPSmx?Y6=%=idI}7pzCj`R{@k1GX2z+
zq-PQ)IK+d-Z;hZB=JBhZ^02T+ksJG95gY#OOnh)s^_4L{(0)E@_{IzGcs{kDE<b9s
zf<6bsm6j0Cs^95b=Bk;BK!&_g*0un5)zxrkhe1y|5JE|AKlAZ@WAq2t9mW`p^UCJ8
zz#Ic3k-*nSj=vR||Dvbs-&&z3$oEERm18S)TEWKkK6a9rre~g((c!L-Z!@N;Rki`n
z)^-{7yy!S$xCD~S|MewemK)Nd!!kL#<s;0cRTh1P)}#G_@CHW9TDgAnxy!0<u<k{X
zZ6f7quKY7N*#LaymDyR_x59`|vK_i<KMgm&Gg}Uig+1Hp%wy^0cpwmB|6z?$?j~lu
z8pPB~1b+Bo>bZV&3tcR6b#}^Vw38%Noh*w**b{RKK*{K*Tt;M2z*(fv@lWV!yUE*#
zW>j~fCs*9d&VE(-_<{1Yt+v%?b6O2iq+sV_dq&jzv)C%;VQ{r=&0^KVelWfrX+y(e
zP^U@St<Tu*q$LjU2a1nE`F>ZlW5cIrKvH6JW?mYzKx^yRDkdxn7f#zji$*-P@J?Mf
z>RzDJJ$1Z+N`ux*jXqEqxzQjFTAr*OYbbn0$0~QiQulccBVPqq4yy2y#QtOSWyEv+
z#m`ld*4mb;wZ3n7%S)A3Re_)zKziJJ%8wqIihTMY8fZV=FDfXef)-Z<?2D5#9!q6(
zI*dyp@h(_WrXFpF<!d3rF{<Zut~L%70q>WgkE}2IV_c==;jon0b}vGYOlXXHtMv8e
zGQu{CcIYm*W`DQ0{S~>{7GLO?-FrG2>zcqMp%rO5J6C!~M=>_hD<((92BSUp@12L_
z2@c8>NbV17jkm;?|I!KxKyeVs6Bjf6AEO@QpHcrmN4mQP_5)8_Gl^kR(A*uM-?bL$
zVMQ%<GwRs_b8hH$o&;-CiT_Ihc;SRLNI6p?*c;Kh0F3D1=+yb@uA>7@lV$7;WWpo=
zd+p2(>Qc<WY3w-}HycCFDuE;Uv*@uC)(!|cgSlxoPL+lZv~GMy+{+UcAFfh(bv7gO
z(%1JS8$UjR(99;)TT#DN8vSq|vv9>~W2gbsLZpnypBbqHlkrNR1H9muu5H@#dpP(Q
zJ;k)^#=lV{j;e^P`q<XGG^Xr`6rdvQWrJ4VsJnD~zOc;s@apn;uIo+2d8x$9g7T}v
zrX6fH9Vc;nNC(^bolJt?;fe**mQrYqc&;%~pgG$qho0-ba2!<R1*dJCe};WbPib$y
zXu9mtb9KGi<()gD1($U$G{)v{_PEi~F^L0NN$_PyX^P%vIWypzrLJg4^|b~zTb5*b
zZ?WJEi5z5M@mred7@fSN4dXCuxN<$}&YZhvIOk|y=hOHkcP^>E!A}*8SbZMzi%&=S
z!;=T+&gKCxvAWe$Myxvvu#2(%5G8n@->l*Kzk76%pYiuk3kBzNWv=u|x|6y1Q!&vn
zcZ4JzfzyT>kMfW4&O(LT7Ieew=;0fXyIo!4om=OwrV_5V)@gM!V_F0p%hA4IGm^bP
z)oy1Xia%G;PXh8iP}7)i6I}^Jn&2RD>0-%|O6TuL{}-)DPMAEcAhQViVKBl^9F3Fu
z3A9OMKkBZzm@C)C4DrA!p97H8+o7|&#4UG^xl%UiT*b>D@IhOIS=bk^d4`%o=^xsM
zVB{u@BJR&#k;^~Il^cb)T3_;-+IY36ERZc_=*BZQz0(j%_Zc6F;Tc}kAegMxDz)WS
zfjg{WGwI8oKkU|S*R|lP-!#wN%r?U2(a&8>!Qs-}C1RN?xwI6c{IEs$o%}TT)x6~a
zJdb&Sq%7S3(JMuaPwn`se@<Z1<fj_=_BaPAbG1%1NIe%}Ay}3nOuibs`JJHF>nXN`
zP5R^Tz_O7=`IefN?;0!3=IfYQojytK=3<-~V`Pz!h9$8U^@jNOh+R}al;37reXDV(
zX~C2+c99$7e`|@)f<~`+<)&m!KZ~78Dj!iZ(5X|X-&}6%<=~WUv}?k9?T(Cr!qy6_
z<BrGN*1>rhX`2z1p!bDaEkD_%Nqvr(?KC1EzO0IKb4GAzJM;{LsuDAisZHtNiY6_P
zvRu&?CHq&<1>bi?qb$FWu@Alq5=k>Ea$ktnD6!bJ)PrfbkhDFW);!<FqIQv0<s2i?
z8T-YuNMV_NGuXlAn03Hkg+F`<+v5I$ob~DfYhK5VoVsf1^8D3_l*QCXX0^umKIOS2
zCLWry4u>MeYWd32)wj_ei?@)t)ZzZ;1DHzn!TUaQ32BD^&<e=w|Du&Av;fJ0|Ii8$
z^6yQd&xZy?`rqpCKkd~|`sV5CA0qm@X;VAn07ewL!$r%hA;vQgJd2kOzOmHeRvhX~
zpR*L%?^NrL3<RZ-mew~^d8T<7@)+34hzHv3hu7gl7dO3&x?XL4_F>FD8|l>N<%8B|
z73$<NrlVDHU6_JNd2>D_qM2DX(4>qH8f`lX-^D-87R!lB`v|U+I4j}aqZnJLc;R|a
zqf82PW%Bsl)Vd-XE93HNVDpfY*;F9ytfr|++Zx9m%tbpJX^UIGP_D<%Vc3EplWN7;
z({Mvk*QfFHA)!+Zc!qxaYP=_)jmU6p%UCVHg^?q6*13w91hK%PQj(8Cvw6<0V)v8C
zi$+`eGR80YdGeb?>A>aw-|3L#jg*gsRncUKQa0Lm52BOV+x32=aJ~)@_x7$+c+-WZ
zFEwgPODU(&F6>SPDt_I|_glUs|1mor*88C%zNyw_{uJiD*U-FJ75$32a;=Q`A!1b1
z;P+d)ITo!J0nNKKaH<s-b;Crn5OEfO{W#$khqx4`jmznmcxH-t(|&*9+E!0WoX7Q9
z_M=w-W7s5=_hKyZ8(RkFJG?I5`hlH1gp^TX(-BU7N@E>;)Ep=IIs@WEd*1ivJ6gx2
zqZ;LBF}L#zduIXn<I!*WC#)0j&W@a`C$Q-_tO62w2lwGfv*(UZhIpU&bOq`eaSAGt
z6Zv3BhjELaRYV}DYr;qC-bO4E&k6Xru^$}^mfH)wzcNpu5`{(NHKfhBpzU@yl~pVB
zP%u&?4tpD)?HM*6KsiX?8PD}5pR=M>0ni?FoEG~=#B<dJwOGn3ipN+D-o)c@%Kz%_
zM`|7G9>bSwt6iZl&N9m-bf$mZ8hf}&bN6GecTsMd)uYxWy8`*v<wu#a0~y`Hm3#G8
zjY<C=g@q--lrmZKQTORsZgwWYOTry!e~AC}u2QTnW%XumBd&2y!+eVZxvwkfkB2%z
zUvk%lTt6wAjW+517I;(i%1<6A7W_96T>QKy*&&}hUk!NHw%i)lq2M;AGd&`y1^#}g
zbaF7|JkK-X0s~>7lGVD2-Xqk#+t#d9{;J(>_Em-zhDf&TUMwpf>JJHcF-D_Q5I-zb
z&qaZMTS8OLsK!c_edWAI&yOPJDUHV<o`8g5Q!QFwogQ??3gC%jNyrF@gsT^>Xfa+<
z*Boi<wo}lzbiSO2)Y8|z)kN;+Xppy&jRL$VH|V6*_fL|7+)+r?Hd4s8FDVOiFcvIh
z@kcSZ+pcZ=?5P;a2*kzw^7t-|Gh&;?oZ^?WXUb99d6?ICU%Pu7<ea5prllg3!eN<b
zZ$7m8Kj4;#_3)>?4VPf$Oetj`?B3FK{#n>>AopPITE28VacRAZQbzo;D3xRZ+Za3D
z_ClmUHZT^pedMQ}akk`Fx5hg?{lA9M=F>3x24`f!X)7hDY!N$2aw>M&rV|MvpSbL{
z`T0y+IDUyQ*?Vd6E$?Ne*c9apX4*)q#;-IfyjRBfa0c9J+S9Ut7)Kw|%~0){L9<hy
zuORaYD@k*VD>$Mye*iKcvemnjshJ49g&E0e<R+*tpLs_tjj0>t%4;B><|WFjZx^3f
zs9>{E8u9odY_!-)1{ddN%@PLRt0o-kf@`q@52#olE_-Pa<vWM<gl6=_MBl}=*t6**
zd5(pUdpnVEeH+={L<|UsirRqkOBW_mx-<FvWtd%#Qf}<5z2_qv9}}VFcti$Cb)29j
zYy{ePu7dWe_+L{_eN~{2i}v*&AptYvcagu=gDMSk2{feouu;wtP?i=)g)3;D38?(6
zI^g(nh}PMhzlr4dOsh}<;wY5mS!|xdY%x}{AU=@R1(Rj$>^9N1mBc>%99ED5?U$~9
zg`m547q@=N2k1$Fy>|G>qiz(53~z|We4N2>#wiMp%Gpu;eb}7U`vu9-+8TQ=<lQee
z^MUFDs(IFx)9j^wCE`Ieb_eA~WSa9fJnRIrtC*LdwuK|T3k*F6HEcbnT-dq=TtC@Q
zq7S#$d`ual#A<FsjV;^bGS^9r1KB4~EbNTLP3?$0sU2F`autfRu7Z{>4jGzT1U1S`
z(lIS$|5CNlBk~+Xx>jS+;+eI;|Nm-S$%#!M`G3&3DWy1o@@m`oO_Q66RNfVUaKYxv
z$^`iMl>1lsasnE~u<$S=9RqLZV90x!iG;8<B@a5JJvaNpLDmtRb)Vp<z(Z0EzpB|1
zX^Ww&Pz<N%(scT5>aaV(gsC-S+ve%(W)kM-C$f#_vSmtxxPn4Q);C%iIttf=O}2`A
zI+p9^LJ%*4AC{;)QpiybpFv0Dg!kB)db24(3jioH+fysVQt|PlmetUvIB(<4oOkwa
z%{X8!Jn-S;WPv8vx~J!O*I#uS-K!g{!{J`hgJ@vERt+w&{UhKGA;*iMSiKW@#_kO<
z|EGsV;QQ)LPyD83b!0K*x`2>%cPz+yLpRS=U5lc(o5}YnRHkhuIc%YT(s&0(3JW~1
zB|pM7KS{#hdJCm;sJp=wV&fJw5lcq=TzqHT$h(XrcJr8%na|>BXGBW`dI|kbbBVC#
zRA1M=mJgaAyG<Fs#2&IQa^N$+Gf`Yc6y@sejyMhJ;X~6()pwo}fqJMZ-s>m)^1QRU
zO)Cftc|8}Mb{@}2A%))CM?Zk(0&@)M6Fbql3bDI0syL0z65|qNGwIVE5AvqYyA7Ml
zQaD*dNF{@-iig<!Ku{?@51MqDY@K{D!HCEH`v;A}zNVLOrY~i*F^Y?Y&F!|a^&+me
zz?J|pU3EwbVV|o2tAtz_(zBgR5T2whW)B6=Us_23QiGm72@}*O1=70>0a7CV&uu9E
z5eE?OOQg9^V}+nSeSl~IubA{Iw9Ka!Ar`rVoE;W7Y4zElkx3W$j&kv2CekIYgvpPT
zcm@A*qkDHohBW`3f5FG6<ik)z>kvF-8-v3Kcx{&uo?PI@uX5STgh2wvnhYG(rpJR?
zNO^^k`fTl)RrbyrSn<U2mlHCq$dWL4hrDH9bze6KJC5n#AVgXM?a?+bE#*5oD3*Y1
z<Q%ae<38O5U(;y8r#+T(seKaYtgg*6*=egLUGIpj7&s4Y4QqayV}}hsql|ZTFFQY#
zG2_wO6HMd76jDGfEPTe%cWZ23avRL!=@%@6Ni3*Rg)~~zH_(Ls!r+!RDpmQ|+tFLr
zScc2zcGPks#@T@97uJp?8Mddkh{5dn*O3D^O#c@}!{~J=Nwtz$QV!7M>o4FOd~>YO
zAV<K+0UO$B+)Tc>vli<TQ&TV58J7+p5M9MlI1E93bX$t;AX?XFlYpWxeT$vjmjd%O
zKy8r)O5|wBb*$d+z!RvXtim?N<t<uuA;c-f^ZB)TP&~sqf&S$MFoFe56aD0Cjl^05
z@^^b4i>)_Oewn3aRd5<7Kb6_L#|rQ>I)tLd5}k&moNY~x`15O{;5%4lft*iRn(7U#
z&(+-jL75jjMXQHmo|8cX+Wk%%{`_DfdsA@FEKVn+`ozm>!(w*34A;o&=QZRnQuKT6
WTcP5(=L;7>-+n-f>B)m2nEwUWa8|7V

literal 0
HcmV?d00001

diff --git a/.gitsecret/keys/pubring.kbx~ b/.gitsecret/keys/pubring.kbx~
new file mode 100644
index 0000000000000000000000000000000000000000..c0a748ce2c37a0225e18f72cf81dd13d23ef6e79
GIT binary patch
literal 32
ecmZQzU{GLWWMJ}kib!Jsf_S^YHV_7}K>z?m*#uYs

literal 0
HcmV?d00001

diff --git a/.gitsecret/keys/trustdb.gpg b/.gitsecret/keys/trustdb.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..369485be0624d934e8792ed59755130e548976db
GIT binary patch
literal 1200
zcmZQfFGy!*W@Ke#Vql233v6S+4j8$xi(`n6s>28pu)t`zjD`y+1V+;VW$6F_h;9Ss

literal 0
HcmV?d00001

diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg
new file mode 100644
index 000000000..e69de29bb