I think it's mostly a bunch of regex expressions but I haven't looked into it exactly (I really will) but right out of the box, it detected that file but for example in my test folder the following:
```yaml
########### TEST CONFIG NO SECRETS #################
hive:
  hive_accs:
    someaccount:
      role: server
      posting_key: somepostingkey
      active_key: someactive
      memo_key: somememo
########### TEST CONFIG NO SECRETS #################
notification_bots:
  first-bot:
    token: 0987654321:ABC-DEF1234ghIkl-zyx57W2v1u123ew11
    chat_id: 777777777
  second-bot:
    token: 1234567890:ABC-DEF1234ghIkl-zyx57W2v1u123ew11
    chat_id: 122222222
```
Didn't raise any alarm bells. As you can see the ####'s are there so that when I'm editing that file I know not to put any secrets in it!
I just now tried replacing the hive keys `somepostingkey` etc with real (looking) randomly generated keys and sure enough it blocked upload. Perfect. I'm sure there is a way I can flag stuff as safe for specific testing reasons but this is working just how I want it to.
RE: Keeping Secrets - Gitleaks and Github
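
Added example (not part of the comment above, and not Gitleaks' own rule set): a minimal Python sketch of a regex-plus-entropy check showing why placeholder values such as `somepostingkey` pass while random-looking keys are flagged, and how an inline `gitleaks:allow` comment, which Gitleaks honors, marks a reviewed line as safe. The rule pattern, the length and entropy thresholds, and the key values are constructed assumptions.

```python
import math
import re
from collections import Counter

# Hypothetical rule: a YAML key whose name ends in "_key", then its value.
KEY_LINE = re.compile(r"^\s*(?P<name>\w+_key)\s*:\s*(?P<value>\S+)(?P<rest>.*)$")
ENTROPY_THRESHOLD = 3.5          # assumed cut-off, bits per character
MIN_LENGTH = 20                  # assumed minimum length of a real key
ALLOW_MARKER = "gitleaks:allow"  # inline comment marking a reviewed line

def shannon_entropy(value: str) -> float:
    """Bits per character; low for word-like text, high for random strings."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def scan(text: str) -> list[tuple[int, str]]:
    """Return (line number, key name) for each value that looks like a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = KEY_LINE.match(line)
        if not m or ALLOW_MARKER in m.group("rest"):
            continue  # not a key line, or explicitly allowed
        value = m.group("value")
        if len(value) >= MIN_LENGTH and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append((lineno, m.group("name")))
    return findings

# The placeholder config from the comment above.
PLACEHOLDER_CONFIG = """\
hive:
  hive_accs:
    someaccount:
      role: server
      posting_key: somepostingkey
      active_key: someactive
      memo_key: somememo
"""

# Constructed random-looking values, not real keys.
RANDOM_CONFIG = """\
hive:
  hive_accs:
    someaccount:
      role: server
      posting_key: 5Kq8Zr2Xv9LmT4wYbN7cPd3HfG6jUeA1sRtVxWyZ
      active_key: 5Jm3Tn8Qw2Er6Yu9Io1Pa4Sd7Fg0Hj5KlZxCvBn  # gitleaks:allow
"""

if __name__ == "__main__":
    print("placeholders:", scan(PLACEHOLDER_CONFIG))
    print("random keys: ", scan(RANDOM_CONFIG))
```

For whole test fixtures, Gitleaks also supports path allowlists in its configuration file and a `.gitleaksignore` file of finding fingerprints, which avoid annotating each line.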