From a45f540895dbd9bba61799e9b1580d511d7af769 Mon Sep 17 00:00:00 2001
From: Mondo Diaz <armando.m.diaz@boeing.com>
Date: Fri, 23 Jan 2026 22:02:21 +0000
Subject: [PATCH] Add gitleaks config to allowlist test files

Ignores backend/tests/*.py across all git history to avoid false
positives on variable names like 's3_key' in test assertions.
---
 .gitleaks.toml | 8 ++++++++
 CHANGELOG.md   | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 .gitleaks.toml

diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..9f5e068
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,8 @@
+# Gitleaks configuration
+# https://github.com/gitleaks/gitleaks#configuration
+
+[allowlist]
+# Test files that contain variable names matching secret patterns (e.g., s3_key)
+paths = [
+  '''backend/tests/.*\.py''',
+]
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3531bc2..81a509f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 - Fixed production CI deployment namespace to use correct `orch-namespace` (#54)
-- Added gitleaks fingerprint for test file false positive (#54)
+- Added gitleaks config to allowlist test files from secret scanning (#54)
 
 ## [0.5.0] - 2026-01-23
 ### Added