We use the .github/secret-audit.yml convention so that you can define secrets that you use in development or testing to ignore.
Warning: We still recommend that you define secrets via environment variables to prevent a mistake where someone accidentally puts a staging or production key to test during development.
If you want to ignore a secret "test", then you can create a .github/secret-audit.yml at the root of your repository with the following content:
version: 1
ignore_text:
- test
If you want to add a Stripe demonstration key to ignore, add a new entry to the ignore_text field:
version: 1
ignore_text:
- test
- pk_test_1INguPLDSsSo0woM