

@WilliamBerryiii
Member

Pull Request

IMPORTANT: Before submitting, please remove all sensitive data, secrets, tokens, or confidential information. Ensure you've redacted any NDA-covered information, IP addresses, resource names, or security-related details that shouldn't be publicly disclosed.

Description

Added Secretlint configuration and ignore rules, and wired MegaLinter to the .secretlintrc.json file.

Related Issue

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Blueprint modification or addition
  • Component modification or addition
  • Documentation update
  • CI/CD pipeline change
  • Other (please describe): Tooling configuration

Implementation Details

  • Added .secretlintrc.json with the recommended Secretlint rule preset.
  • Added .secretlintignore with standard build and dependency paths.
  • Configured MegaLinter to use the Secretlint config file.

Testing Performed

  • Terraform plan/apply
  • Blueprint deployment test
  • Unit tests
  • Integration tests
  • Manual validation
  • Other:

Validation Steps

  • Not run.

Checklist

  • I have updated the documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have run terraform fmt on all Terraform code
  • I have run terraform validate on all Terraform code
  • I have run az bicep format on all Bicep code
  • I have run az bicep build to validate all Bicep code
  • I have checked for any sensitive data/tokens that should not be committed
  • I have run MegaLinter on my code (mega-linter-runner)

Additional Notes

Screenshots (if applicable)

🔒 - Generated by Copilot
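For readers who want to see what "the recommended Secretlint rule preset" looks like on disk, here is an added illustration of a .secretlintrc.json; it is not the PR's actual file (the page does not reproduce it). It assumes the standard preset package @secretlint/secretlint-rule-preset-recommend, and the nested "rules" override with an "allows" option is Secretlint's preset-customisation syntax as I know it; the allowed value is AWS's documented example access key, used here only to show how a known sample credential is whitelisted at the rule level rather than by widening .secretlintignore.

```json
{
  "rules": [
    {
      "id": "@secretlint/secretlint-rule-preset-recommend",
      "rules": [
        {
          "id": "@secretlint/secretlint-rule-aws",
          "options": {
            "allows": ["AKIAIOSFODNN7EXAMPLE"]
          }
        }
      ]
    }
  ]
}
```

MegaLinter reads this file through the REPOSITORY_SECRETLINT_CONFIG_FILE key in .mega-linter.yml, which is the wiring the PR describes. Path exclusions live separately in .secretlintignore (gitignore-style patterns); the "allows" override is the better tool when a specific false positive in scanned source, such as a documented example key in a README, keeps tripping the preset, because it leaves the rest of that file in scope.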

Copilot AI left a comment


Pull request overview

This PR adds Secretlint tooling configuration to enhance secret detection capabilities in the repository. Secretlint is already enabled in MegaLinter (line 45 of .mega-linter.yml), and this PR provides the necessary configuration files to customize its behavior.

Changes:

  • Added .secretlintrc.json with the recommended Secretlint rule preset
  • Added .secretlintignore to exclude standard build and dependency directories from scanning
  • Configured MegaLinter to reference the Secretlint configuration file

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File: Description
.secretlintrc.json: Adds basic Secretlint configuration using the recommended preset
.secretlintignore: Defines directories to exclude from secret scanning (build artifacts, dependencies)
.mega-linter.yml: Wires Secretlint to use the new configuration file

**/dist/
**/build/
**/.terraform/
**/.git/

Copilot AI Feb 3, 2026


The .secretlintignore file is missing several common directories that should be excluded from secret scanning to avoid false positives and improve performance. Based on the repository's .gitignore patterns and similar ignore files like .markdownlintignore, the following patterns should be added:

  • **/.venv/ - Python virtual environments
  • **/__pycache__/ - Python bytecode cache
  • **/target/ - Rust build artifacts
  • **/.azure/ - Azure CLI cache and configuration
  • **/packages/ - Package manager directories
  • **/*.lock - Lock files (package-lock.json, yarn.lock, etc.)

These directories contain generated files, dependencies, or cached data that don't need secret scanning and may cause performance issues or false positives.

Suggested change
**/.git/
**/.git/
**/.venv/
**/__pycache__/
**/target/
**/.azure/
**/packages/
**/*.lock
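Review bot: three of the six suggested patterns suppress real findings rather than false positives and should be dropped from this suggestion. `**/.azure/` is described in the comment as Azure CLI cache and configuration, which is precisely the kind of credential-bearing content a secret scanner exists to catch if it is ever committed; keep it out of the repository via .gitignore, not out of the scanner. `**/packages/` is wider than "package manager directories": in a monorepo that path holds first-party source under packages/<name>/, which would then go unscanned. `**/*.lock` files carry resolved registry URLs, and a private registry URL can embed a token, so lock files should stay in scope. The remaining three (`**/.venv/`, `**/__pycache__/`, `**/target/`) are harmless to add, but the comment itself notes these paths already appear in .gitignore, so the performance benefit only materialises for files committed in spite of it, which is exactly the case where scanning is wanted.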

@katriendg
Collaborator

Part of this PR seems to change the same things as #124, though the latter has some extra config. Intentional?

3 participants