Skip to main content

Find secrets in your source code using lists of secrets you already know

Project description

Scan for known secrets in your source code before you check in

badges

MIT licensed Read the Docs Build Status Coverage Status BCH compliance

Three Ways to Detect Secrets

Pattern detection - use grep to find words like “password”. git-secrets does this as well as pylint.

High entropy detection - detect-secrets does this.

Search for known secrets - Some secrets are found in conventional locations, such as AWS keys. They are typically key value pairs. As far as I known, this is a novel approach as of July 2018. So I wrote one.

All three approaches have different failure profiles.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

find_known_secrets-1.0.30.tar.gz (5.6 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page