Treasure Data MCP Server

# Gitleaks configuration for Treasure Data MCP Server # This file extends the default gitleaks rules with custom patterns # Use the default gitleaks rules as base [extend] useDefault = true # Custom rules for additional secret detection [[rules]] id = "treasure-data-api-key" description = "Treasure Data API Key" regex = '''[0-9]+/[a-f0-9]{40}''' tags = ["treasuredata", "apikey"] [[rules]] id = "generic-api-key" description = "Generic API Key" regex = '''(?i)(api[_\-\s]?key[_\-\s]?[=:]\s*["']?)([a-zA-Z0-9_\-]{32,})["']?''' tags = ["key", "generic"] [[rules]] id = "generic-secret" description = "Generic Secret" regex = '''(?i)(secret[_\-\s]?[=:]\s*["']?)([a-zA-Z0-9_\-]{32,})["']?''' tags = ["secret", "generic"] [[rules]] id = "td-env-var" description = "TD_API_KEY environment variable assignment" regex = '''(?i)(TD_API_KEY[_\-\s]*[=:]\s*["']?)([a-zA-Z0-9/_\-]{10,})["']?''' tags = ["treasuredata", "env"] # Allowlist patterns - these are allowed in the codebase [allowlist] description = "Allowed patterns that should not trigger alerts" paths = [ '''.gitleaks.toml''', '''docs/.*\.md''', '''README\.md''', '''CLAUDE\.md''', '''tests/.*''', '''.github/.*''', '''uv\.lock''', '''requirements.*\.txt''', '''poetry\.lock''', '''Pipfile\.lock''' ] regexes = [ '''test[_\-]?key''', '''your[_\-]?api[_\-]?key''', '''TD_API_KEY.*test''', '''api\.treasuredata\.com''', '''api\.treasuredata\.co\.jp''', '''example\.com''', '''test_key''', '''mock.*''', '''packages/[a-f0-9]{2}/[a-f0-9]{40}''', '''https://files\.pythonhosted\.org/packages/''' ]