Generating Dummy Secrets from gitleaks.toml Using Python

Gitleaks is a project designed to detect secrets in git repositories, typically using regular expressions for pattern matching. The same logic can also be reversed: a regex that recognises a secret can be used to produce a string that matches it, which gives you dummy secrets for testing other systems. In this guide, we will explore how to convert the gitleaks.toml configuration file to a list of dummy secrets using Python. Before proceeding with the code, ensure you have installed the required dependencies:

pip3 install tomli exrex

The following Python script will load and parse the TOML configuration file (gitleaks.toml) and then iterate over each rule to generate an example that matches the regex:

import tomli
import exrex

# Load and parse the TOML configuration file
config_path = 'gitleaks.toml'  # Adjust the path to where your TOML file is located

# tomli requires the file to be opened in binary mode
with open(config_path, 'rb') as file:
    config = tomli.load(file)

# Iterate over each rule and generate an example that matches the regex
for rule in config.get('rules', []):
    print(f"Rule ID: {rule['id']}")
    print(f"Description: {rule.get('description', '')}")
    if 'regex' not in rule:
        # gitleaks also accepts path-only rules; there is no pattern to invert
        print("Skipped: rule has no regex\n")
        continue
    try:
        # Generate an example that matches the regex
        example = exrex.getone(rule['regex'])
        print(f"Generated Example: {example}\n")
    except Exception as e:
        # exrex builds on Python's regex parser, so Go/RE2 syntax it cannot parse lands here
        print(f"Error generating example for rule {rule['id']}: {e}\n")

In this script, the tomli library is used to load and parse the TOML content, and the exrex library is utilized to generate examples that match the regex of each rule.

The script first opens the gitleaks.toml file and loads its content using tomli.load(file). It then iterates over each rule in the configuration and attempts to generate an example that matches the associated regex using exrex.getone(rule['regex']). If successful, it prints the rule ID, description, and the generated example. If an error occurs during generation, it is caught and reported instead of aborting the run. Some errors are expected: gitleaks patterns are written for Go's RE2 engine, while exrex relies on Python's regex parser, so any syntax the two engines disagree on fails at generation time and those rules need a hand-written sample.

By running this script, you can quickly generate a list of dummy secrets that match the patterns defined in the gitleaks.toml configuration file. These dummy secrets can be used for testing and validating the behavior of other systems that rely on similar regex patterns for secret detection.

This approach provides a practical way to leverage existing regex patterns used for detecting sensitive information and repurpose them for testing and development purposes, contributing to the overall security and robustness of systems handling sensitive data.