
Git hooks that prevent committing secrets

Extend http://doc.gitlab.com/ee/git_hooks/git_hooks.html with a hook that detects common secrets (PRIVATE_KEY, etc.).

Description

We need to be able to prevent secrets from being committed to a repository, using rules defined by users. This feature will be for our EE customers.

Specification

  • This feature needs to be activated per project. It is OFF by default.
  • A new checkbox under the Push Rules settings page, labelled Prevent committing secrets, activates the feature for the project, as shown below.
  • Inside GitLab, we maintain a non-editable list of filenames that we want to prevent from being pushed to a repository.
  • We don't need to read the content of those files. We just need to block any push that contains a file whose name is in the list below.
  • We need a clear error message telling the user that files of this kind can't be pushed to the project. Keep in mind this issue when formatting the error message.
# AWS CLI credential blobs

.aws/credentials
aws/credentials
homefolder/aws/credentials

# private RSA SSH keys
/ssh/id_rsa
/.ssh/personal_rsa
/config/server_rsa
id_rsa
.id_rsa

# private DSA SSH keys

/ssh/id_dsa
/.ssh/personal_dsa
/config/server_dsa
id_dsa
.id_dsa

# private ed25519 SSH keys

/ssh/id_ed25519
/.ssh/personal_ed25519
/config/server_ed25519
id_ed25519
.id_ed25519

# private ECDSA SSH keys

/ssh/id_ecdsa
/.ssh/personal_ecdsa
/config/server_ecdsa
id_ecdsa
.id_ecdsa

# filenames matching those expressions (not familiar enough with regex to know if I'm correct)

/\.(pem|key)$/ # anchored to the end of the filename, so it prevents privatekey.pem and secret.key from being pushed

(screenshot: Push Rules settings page with the Prevent committing secrets checkbox)
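As an added example, not GitLab's own code, here is how the rule above could be enforced in a stand-alone pre-receive hook, written in Ruby since that is the language GitLab is written in. It assumes a matching rule the issue does not spell out: a list entry matches when its path components are the trailing components of the pushed path (so `id_rsa` blocks `keys/id_rsa` but not `id_rsa.pub`), the `.pem`/`.key` rule is applied to the basename only, and only files added or modified by commits that are new to the repository are scanned, so a push that deletes a leaked key is still accepted. The function names (`blocked_paths`, `pushed_files`, `run_hook`, `error_message`) are this example's own.

```ruby
#!/usr/bin/env ruby
# frozen_string_literal: true
#
# pre-receive hook: reject pushes that add or modify files whose names are on
# the secrets blocklist. Example code written for this issue, not GitLab's.
require 'open3'

# The non-editable list from the issue. Assumption: an entry matches when its
# path components equal the trailing components of the pushed path, so
# "id_rsa" blocks "keys/id_rsa" but not "id_rsa.pub".
BLOCKED_PATHS = %w[
  .aws/credentials aws/credentials homefolder/aws/credentials
  /ssh/id_rsa /.ssh/personal_rsa /config/server_rsa id_rsa .id_rsa
  /ssh/id_dsa /.ssh/personal_dsa /config/server_dsa id_dsa .id_dsa
  /ssh/id_ed25519 /.ssh/personal_ed25519 /config/server_ed25519 id_ed25519 .id_ed25519
  /ssh/id_ecdsa /.ssh/personal_ecdsa /config/server_ecdsa id_ecdsa .id_ecdsa
].map { |entry| entry.sub(%r{\A/+}, '').split('/') }.freeze

# Extension rule from the issue, applied to the file's basename only.
BLOCKED_NAME_RE = /\.(pem|key)\z/i

def blocked_path?(path)
  parts = path.split('/').reject(&:empty?)
  return false if parts.empty?
  return true if BLOCKED_NAME_RE.match?(parts.last)

  BLOCKED_PATHS.any? { |entry| parts.last(entry.length) == entry }
end

# Returns the subset of +paths+ that the rule would block.
def blocked_paths(paths)
  paths.select { |path| blocked_path?(path) }
end

# Error text shown to the pusher; lists every offending path.
def error_message(ref, hits)
  lines = ["Push to #{ref} rejected: it contains files that look like secrets:"]
  lines.concat(hits.map { |hit| "  - #{hit}" })
  lines << 'Remove them from the commits (e.g. git rm --cached, then amend or rebase) and push again.'
  lines.join("\n")
end

# Runs git in the hook's repository and returns its output lines.
def git(*args)
  out, status = Open3.capture2('git', *args)
  raise "git #{args.first} failed" unless status.success?

  out.lines(chomp: true)
end

# Files added or modified by commits not yet reachable from any existing ref.
# Deletions are excluded on purpose: removing a leaked key must stay allowed.
def pushed_files(new_sha)
  git('rev-list', new_sha, '--not', '--all').flat_map do |commit|
    git('diff-tree', '--no-commit-id', '--name-only', '-r', '--root', '-m',
        '--diff-filter=AM', commit)
  end.uniq
end

# Hook entry point: reads "old new ref" lines from stdin, returns the exit status.
def run_hook(input = $stdin, output = $stderr)
  failed = false
  input.each_line do |line|
    _old_sha, new_sha, ref = line.split
    next if new_sha.match?(/\A0+\z/) # ref deletion: nothing to scan

    hits = blocked_paths(pushed_files(new_sha))
    next if hits.empty?

    output.puts error_message(ref, hits)
    failed = true
  end
  failed ? 1 : 0
end

# git exports GIT_DIR to hooks, so the hook body only runs when git invokes it.
exit run_hook if ENV.key?('GIT_DIR')
```

Install it as an executable `hooks/pre-receive` in the bare repository. Two caveats worth knowing before relying on it: `diff-tree -m` diffs a merge commit against each parent, so merging a branch that already contained a blocked file (pushed before the rule was enabled) will be rejected even though the file is not new; and, because the rule is name-based by design, renaming `id_rsa` to `id_rsa.txt` passes, which is the trade-off the issue accepts by not reading file contents.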

Links/references