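# Gitleaks configuration for SAAP.
# Keeps the default Gitleaks rules and suppresses findings for the example
# API keys that appear in the project's documentation.

[allowlist]
description = "Allow example API keys in security documentation"

# Documentation files whose findings are ignored entirely. Gitleaks treats
# each entry as an unanchored regex on the file path, so a bare
# 'README\.md' also matches names such as 'README.md.bak'. Each pattern is
# therefore pinned to a whole file name: start of path or a path separator
# on the left, end of path on the right.
# A path entry silences every rule for that file, including a real
# credential pasted into it later. Keep the list short and review changes
# to these files by hand.
paths = [
    '''(^|[/\\])SECURITY_SETUP_COMPLETE\.md$''',
    '''(^|[/\\])SECURITY_SCAN_REPORT\.md$''',
    '''(^|[/\\])SECURITY_REMEDIATION_REQUIRED\.md$''',
    '''(^|[/\\])README\.md$''',
    '''(^|[/\\])DEPLOYMENT\.md$''',
    '''(^|[/\\])TESTING_CICD\.md$''',
]

# Example and placeholder values that are suppressed in any file.
regexes = [
    # Example key from docs.
    # NOTE(review): confirm this value was never a live credential, or has
    # been revoked. An allowlist entry hides the finding; it does not
    # invalidate the key.
    '''(sk|msk)-dBoxml3krytIRLdjr35Lnw''',
    # Template placeholders, substituted at deploy time.
    '''\{\{COLOSSUS_API_KEY\}\}''',
    '''\{\{OPENROUTER_API_KEY\}\}''',
]

[extend]
# Use the default Gitleaks rules; the allowlist above only suppresses
# findings and does not replace any rule.
useDefault = true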