Setup git-secret

This morning I'm attempting to secure my monorepo. How?

- `git secret`:  DONE: To version-control sensitive data
- `git secrets`: TODO: Lint code for sensitive data

I will probably update the CI to call `git secrets --scan` or some similar
command to fail when that exists non-zero. I have much to learn, but doing is
the best way to learn it.

5 files changed, 2 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index e7ee823e5b52..911fce1053c1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,5 @@ node_modules/
 /configs/.config/fish/fish_variables
 /website/blog/public/
 /emacs/.emacs.d/tramp
+.gitsecret/keys/random_seed
+!*.secret
diff --git a/.gitsecret/keys/pubring.kbx b/.gitsecret/keys/pubring.kbx
new file mode 100644
index 000000000000..692d5c67b04b
--- /dev/null
+++ b/.gitsecret/keys/pubring.kbx
Binary files differdiff --git a/.gitsecret/keys/pubring.kbx~ b/.gitsecret/keys/pubring.kbx~
new file mode 100644
index 000000000000..c0a748ce2c37
--- /dev/null
+++ b/.gitsecret/keys/pubring.kbx~
Binary files differdiff --git a/.gitsecret/keys/trustdb.gpg b/.gitsecret/keys/trustdb.gpg
new file mode 100644
index 000000000000..369485be0624
--- /dev/null
+++ b/.gitsecret/keys/trustdb.gpg
Binary files differdiff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg
new file mode 100644
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/.gitsecret/paths/mapping.cfg