From 859c42b4453ac349016ea2bbe0c8cbef2054d4fc Mon Sep 17 00:00:00 2001
From: Isaiah Grigsby
Date: Tue, 5 Aug 2025 15:20:22 -0500
Subject: [PATCH 1/2] Add Trufflehog reusable workflow for secret scanning
---
.github/workflows/trufflehog.yml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 .github/workflows/trufflehog.yml
diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
new file mode 100644
index 000000000..98a6509d4
--- /dev/null
+++ b/.github/workflows/trufflehog.yml
@@ -0,0 +1,17 @@
+name: Trufflehog Secret Scan
+
+on:
+ pull_request:
+ paths:
+ - '**/*'
+ push:
+ branches:
+ - main
+ paths:
+ - '**/*'
+
+jobs:
+ trufflehog:
+ uses: grafana/shared-workflows/.github/workflows/reusable-trufflehog.yml@pr/trufflehog-scan
+ with:
+ fail-on-secrets: "true"
\ No newline at end of file
From f65ca762e723bfba10c6deba065b5fcd80ea0243 Mon Sep 17 00:00:00 2001
From: Isaiah Grigsby
Date: Tue, 5 Aug 2025 16:05:01 -0500
Subject: [PATCH 2/2] Added test
---
scripts/test-secret.txt | 1 +
1 file changed, 1 insertion(+)
create mode 100644 scripts/test-secret.txt
diff --git a/scripts/test-secret.txt b/scripts/test-secret.txt
new file mode 100644
index 000000000..3375ce3d1
--- /dev/null
+++ b/scripts/test-secret.txt
@@ -0,0 +1 @@
+aws_secret_access_key = "AKIA1234567890FAKEKEY"
\ No newline at end of file
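Review bot: The `uses:` line of the `trufflehog` job references the reusable workflow at `@pr/trufflehog-scan`, a branch ref that anyone able to push to that branch can move, so the code run in this repository's CI can change without any commit here. Pin it to a full commit SHA and keep the intended ref as a trailing comment, e.g. `uses: grafana/shared-workflows/.github/workflows/reusable-trufflehog.yml@<full-commit-sha> # <tag-or-branch>`. The job also declares no `permissions:`, so the called workflow is limited only by the repository's default token permissions. Adding `permissions:` with `contents: read` under `trufflehog:` makes the least-privilege intent explicit; add further scopes only if the reusable workflow, which is not visible here, needs them.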
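Review bot: `scripts/test-secret.txt` commits a scanner test fixture into the tree, where it stays in history and is scanned again on every later push to `main`. With `fail-on-secrets: "true"` from patch 1/2 it may keep the job failing, or, if the scanner ignores the string, prove nothing. The value is labelled `aws_secret_access_key` but carries the `AKIA` prefix of an access key ID and is 21 characters long, so it may not match the AWS detector at all; confirm against the scan output on this pull request. If the file exists only to demonstrate the scan, drop this commit before merging rather than deleting the file in a follow-up.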