We use the .github/secret-audit.yml convention so that you can define secrets used in development or testing that should be ignored.
Warning: We still recommend that you define secrets via environment variables, to prevent the mistake of someone accidentally putting in a staging or production key to test during development.
If you want to ignore a secret "test", then you can create a .github/secret-audit.yml at the root of your repository with the following content:

    version: 1
    ignore_text:
      - test

If you want to add a Stripe demonstration key to ignore, add a new entry to the

    version: 1
    ignore_text:
      - test
      - pk_test_1INguPLDSsSo0woM
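
Because the ignore file is itself committed to the repository, a review check can confirm that no live-mode key has been added to it, which is the mistake the warning above describes. The following is an added example, not part of the tool or its documentation: the function names and the sample file are constructed, and it assumes the two-key layout shown above and Stripe's `_live_` key prefixes.

```python
import re

# Constructed sample of a .github/secret-audit.yml file (not from a real repository).
SAMPLE = """\
version: 1
ignore_text:
  - test
  - pk_test_1INguPLDSsSo0woM
  - sk_live_CONSTRUCTEDEXAMPLE0000
"""

# Stripe key prefixes: *_test_ keys are test mode, *_live_ keys are live mode.
LIVE_KEY = re.compile(r"^(sk|pk|rk)_live_")


def parse_ignore_text(text):
    """Read the ignore_text list from the simple two-key layout shown on this page."""
    entries, in_list = [], False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        if not line.startswith((" ", "-")):
            # A top-level key either opens the ignore_text list or closes it.
            in_list = line.split(":", 1)[0] == "ignore_text"
        elif in_list and line.lstrip().startswith("- "):
            entries.append(line.lstrip()[2:].strip().strip("'\""))
    return entries


def lint_ignore_list(text):
    """Return (entry, reason) pairs for ignore entries that look like live keys."""
    findings = []
    for entry in parse_ignore_text(text):
        if LIVE_KEY.match(entry):
            findings.append((entry, "looks like a live-mode key; rotate it and remove the entry"))
    return findings


if __name__ == "__main__":
    for entry, reason in lint_ignore_list(SAMPLE):
        print(f"{entry}: {reason}")
```
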