From 8c207dfed131975e53ab767784485a0b4fa8dfd5 Mon Sep 17 00:00:00 2001
From: forkwright
Date: Thu, 21 May 2026 22:34:41 +0000
Subject: [PATCH] chore(security): allowlist HIGH (c) false-positives in .gitleaks.toml
---
 .gitleaks.toml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.gitleaks.toml b/.gitleaks.toml
index 5f219f2..9be384f 100644
--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -32,3 +32,10 @@ paths = [
 '''vendor/''',
 '''\.gitleaks\.toml''',
 ]
+regexes = [
+ '''sk-secret-123''', # WHY: A2 - vault unit-test fixture; see small-repo-security-triage-2026-05-21.md
+ '''plain-key-value''', # WHY: A3 - test fixture; see small-repo-security-triage-2026-05-21.md
+ '''vault:nonexistent_key''', # WHY: A4 - vault sentinel test fixture; see small-repo-security-triage-2026-05-21.md
+ '''vault:some_key''', # WHY: A5 - vault sentinel test fixture; see small-repo-security-triage-2026-05-21.md
+ '''ChaCha20-Poly1305''', # WHY: A1 - doc-comment cipher-name false-positive; see small-repo-security-triage-2026-05-21.md
+]
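Review bot: The five new `regexes` entries are unanchored and apply repo-wide, so each one suppresses any finding whose matched text merely contains the string, not just the triaged fixture. A real credential that begins with `sk-secret-123`, or a key named `vault:some_key_prod`, would be silenced in every file and every commit. Anchor each pattern to the exact fixture value, e.g. `'''^sk-secret-123$''',` and `'''^vault:some_key$''',`, keeping the WHY comments. If gitleaks matches these against a wider span than the secret itself in this setup, pin the five findings by fingerprint in `.gitleaksignore` instead. The table header that owns `paths` and `regexes` is outside the hunk, so this assumes both sit in the global allowlist.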