From 123de1d2a1077575ac58139bb3946a03e34d4048 Mon Sep 17 00:00:00 2001
From: kayos <kayos@sulkta.com>
Date: Thu, 28 May 2026 12:16:11 -0700
Subject: [PATCH] ci: gitleaks allowlist for test_data/ fixtures + Byron
 genesis (public on-chain data). Refs #300

---
 .gitleaks.toml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .gitleaks.toml

diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..0c08668
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,18 @@
+# gitleaks config — pallas
+#
+# pallas is the Cardano serialization library. Its repo includes:
+#  - test fixtures in test_data/ and crates/*/test_data/ with vkeys,
+#    keyHashes, vssKeys — all public on-chain identifiers
+#  - mainnet-byron-genesis.json — the Byron genesis block which is
+#    PUBLIC chain data, ships signingKey/vssKey of original Byron
+#    delegates as part of the bootstrap state
+# None of these are secrets in any operational sense.
+
+[extend]
+useDefault = true
+
+[allowlist]
+description = "Cardano test fixtures + Byron genesis (public on-chain data)"
+paths = [
+    '''(.*/)?test_data/.*''',
+]