[BUG]: detect-private-key hook fails on test fixtures containing private keys #2733

@brian-hussey

🐞 Bug Summary

The detect-private-key pre-commit hook fails when running make pre-commit, blocking commits due to legitimate test fixtures that contain private keys for testing TLS and cryptographic key generation functionality.


🧩 Affected Component

Select the area of the project impacted:

  • mcpgateway - API
  • mcpgateway - UI (admin panel)
  • mcpgateway.wrapper - stdio wrapper
  • Federation or Transports
  • CLI, Makefiles, or shell scripts
  • Container setup (Docker/Podman/Compose)
  • Other (explain below)

🔁 Steps to Reproduce

  1. Run make pre-commit in the project root
  2. Observe the detect-private-key hook failure
  3. Note the flagged files are test fixtures

🤔 Expected Behavior

The detect-private-key hook should allow test files containing private keys used as test fixtures for TLS and cryptographic testing. These are not actual secrets but necessary test data for validating security functionality.


📓 Logs / Error Output

🔐 Detect Private Key....................................................Failed
- hook id: detect-private-key
- exit code: 1

Private key found: tests/unit/mcpgateway/plugins/framework/external/mcp/test_tls_utils.py
Private key found: tests/unit/mcpgateway/utils/test_generate_keys.py

🧠 Environment Info

You can retrieve most of this from the /version endpoint.

| Key | Value |
| --- | --- |
| Version or commit | main |
| Runtime | Python 3.11+ |
| Platform / OS | macOS |
| Container | none |

🧩 Additional Context (optional)

Affected Files:

Potential Solutions:

  1. Add test fixture paths to the exclude pattern in .pre-commit-config.yaml
  2. Move test private keys to separate fixture files and exclude those specific files
  3. Use the args: ['--allow-missing-credentials'] parameter for the hook (if supported)
  4. Generate keys dynamically in tests instead of using hardcoded fixtures

Configuration Location:
The hook is configured in .pre-commit-config.yaml at lines 42-45:

- id: detect-private-key
  name: 🔐 Detect Private Key
  description: Detects the presence of private keys.
  types: [text]
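
An added example, not part of the issue or the project's code: a small model of potential solution 1 that checks an anchored `exclude` pattern exempts only the two files named in the log while the hook still flags keys elsewhere. It assumes the hook does a substring check (the marker list here is an assumed subset) and that pre-commit skips paths where the `exclude` regex matches via `re.search`; `KEY_MARKERS`, `EXCLUDE`, `flagged` and the sample tree are constructed for illustration.

```python
import re

# Assumed subset of the PEM/OpenSSH headers the hook looks for (a model,
# not the hook's own source).
KEY_MARKERS = (
    b"BEGIN RSA PRIVATE KEY",
    b"BEGIN EC PRIVATE KEY",
    b"BEGIN OPENSSH PRIVATE KEY",
    b"BEGIN PRIVATE KEY",
)

# pre-commit's default `exclude` matches nothing but the empty string.
NO_EXCLUDE = re.compile(r"^$")

# Candidate `exclude:` value for the hook: anchored at both ends, one
# alternative per fixture file from the log, so no other path is exempted.
EXCLUDE = re.compile(
    r"^tests/unit/mcpgateway/("
    r"plugins/framework/external/mcp/test_tls_utils\.py"
    r"|utils/test_generate_keys\.py)$"
)


def contains_key(content: bytes) -> bool:
    """True if any marker appears anywhere in the file content."""
    return any(marker in content for marker in KEY_MARKERS)


def flagged(files: dict[str, bytes], exclude: re.Pattern) -> list[str]:
    """Paths the modelled hook reports after exclude filtering."""
    return sorted(
        path for path, data in files.items()
        if not exclude.search(path) and contains_key(data)
    )


# Constructed sample tree: header strings only, no key material.
SAMPLE = {
    "tests/unit/mcpgateway/plugins/framework/external/mcp/test_tls_utils.py":
        b"-----BEGIN PRIVATE KEY-----",
    "tests/unit/mcpgateway/utils/test_generate_keys.py":
        b"-----BEGIN RSA PRIVATE KEY-----",
    "tests/unit/mcpgateway/utils/test_other.py":  # hypothetical file
        b"-----BEGIN EC PRIVATE KEY-----",
    "mcpgateway/example_module.py":  # hypothetical file
        b"-----BEGIN OPENSSH PRIVATE KEY-----",
    "README.md": b"no secrets here",
}

if __name__ == "__main__":
    print("default exclude:", flagged(SAMPLE, NO_EXCLUDE))
    print("narrow exclude: ", flagged(SAMPLE, EXCLUDE))
```

A broader pattern such as `^tests/` would also silence the hypothetical `test_other.py`, which is the case the anchored form is meant to keep visible.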

Labels

  • SHOULD - P2: Important but not vital; high-value items that are not crucial for the immediate release
  • bug - Something isn't working
