From 82163991554ac88e65cc63147f95822a63e18b96 Mon Sep 17 00:00:00 2001
From: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
Date: Thu, 11 Jun 2026 10:14:25 +0200
Subject: [PATCH] trufflehog

---
 .gitea/workflows/scan.yaml                     | 18 ++++++++++++++++++
 .../forte-drop/keycloak-client-forte-drop.yaml |  5 -----
 2 files changed, 18 insertions(+), 5 deletions(-)
 create mode 100644 .gitea/workflows/scan.yaml

diff --git a/.gitea/workflows/scan.yaml b/.gitea/workflows/scan.yaml
new file mode 100644
index 0000000..d5593e2
--- /dev/null
+++ b/.gitea/workflows/scan.yaml
@@ -0,0 +1,18 @@
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Secret Scanning
+      uses: trufflesecurity/trufflehog@main
+      with:
+        extra_args: --results=verified,unknown
\ No newline at end of file
diff --git a/apps/overlays/upc-dev/forte-drop/keycloak-client-forte-drop.yaml b/apps/overlays/upc-dev/forte-drop/keycloak-client-forte-drop.yaml
index 64906dd..92bfb6e 100644
--- a/apps/overlays/upc-dev/forte-drop/keycloak-client-forte-drop.yaml
+++ b/apps/overlays/upc-dev/forte-drop/keycloak-client-forte-drop.yaml
@@ -1,8 +1,3 @@
-# Labeled config Secret read by the Keycloak Client Registrar. Kyverno clones it
-# to the keycloak namespace; a CronJob registers the OIDC client in the forte
-# realm and writes the credentials back as forte-drop-oidc-credentials in THIS
-# namespace (~2 min). The forte-helm auth sidecar (auth.type: oidc) consumes that
-# registrar-created Secret automatically — no manual SealedSecret step needed.
 apiVersion: v1
 kind: Secret
 metadata: