# GitLeaks False Positives
# This file lists fingerprints of false positive secret detections to be ignored
#
# Format: fingerprint from GitLeaks output (Commit SHA:File:RuleID:Line)
# Get fingerprints from: gitleaks detect output or GitHub Security tab

# False positive: Azure storage account name detected as Finnhub API key
# These are example Terraform files, not real secrets
6f52e2a271a434e42f9371246eede1404eb3632c:terraform/environments/prod/main.tf:finnhub-api-key:17
6f52e2a271a434e42f9371246eede1404eb3632c:terraform/environments/stage/main.tf:finnhub-api-key:17
6f52e2a271a434e42f9371246eede1404eb3632c:terraform/environments/dev/main.tf:finnhub-api-key:17

# False positive: historical commits where error-message wording triggered private-key rule
# The wording has since been changed to avoid matching; these fingerprints cover old commits
# that remain in git history but contain no actual key material.
40e833e7900b515688443651c3efde27e2640ab1:scripts/portfolio_manager.py:private-key:111
c8ab4d6765ea0e7490273c3fde9e0be6e3859d0e:scripts/portfolio_manager.py:private-key:116
