Lean security proxy for AI coding tools — scan and redact secrets before they reach LLM APIs
Project description
secretgate
A lean security proxy for AI coding tools. Routes all LLM API traffic through a local proxy that scans for secrets before they leave your machine.
Architecture
IDE / CLI / Agent
│
▼
┌──────────────────────────┐
│ secretgate :8082 │
│ │
│ ┌────────────────────┐ │
│ │ Secret Scanner │ │
│ │ (regex + entropy) │ │
│ ├────────────────────┤ │
│ │ Pipeline Steps │ │
│ │ (pluggable) │ │
│ ├────────────────────┤ │
│ │ Audit Logger │ │
│ └────────────────────┘ │
│ │
│ Reverse proxy per │
│ provider, streaming │
└───────────┬──────────────┘
│
▼
LLM Provider APIs
(OpenAI, Anthropic, Ollama, ...)
How it works
- Configure your AI tool to point at secretgate as its API base URL
- secretgate intercepts every outbound request and scans all messages for secrets
- Detected secrets are handled based on the mode:
- redact: replace with
REDACTED<aws-access-key:a1b2c3d4e5f6>placeholders before forwarding - block: reject the request entirely
- audit: log and forward unchanged (good for testing)
- redact: replace with
- On the response path, redacted placeholders are restored to their original values
- Everything is logged for audit
Placeholders are deterministic and self-documenting — same secret always produces the same placeholder, and the type identifier tells the LLM what kind of secret was redacted without exposing the value.
Quickstart
pip install secretgate
secretgate serve # start on :8080, redact mode
secretgate serve --port 8082 --mode audit # audit mode (log only, don't modify)
secretgate serve --mode block # block requests containing secrets
Using with Claude Code
# Terminal 1: start the proxy
secretgate serve --port 8082 --mode audit
# Terminal 2: start Claude Code through the proxy
ANTHROPIC_BASE_URL=http://localhost:8082/anthropic claude
This routes all Claude Code API traffic through secretgate. Requires an API key
(ANTHROPIC_API_KEY) — OAuth-based login uses a different endpoint that requires
HTTPS proxy / TLS MITM (not yet supported).
What you'll see in the logs:
[info ] request messages=19 model=claude-opus-4-6
[warning ] secret_detected line=93 pattern='API Key' service=Anthropic
[warning ] secret_detected line=99 pattern='AWS Access Key' service=Amazon
[warning ] secret_detected line=100 pattern='high-entropy value (Key)' service=entropy
[warning ] secrets_audit_only secrets_found=3
Secrets in conversation history (from previous assistant responses) are caught on the next turn when they become part of the outbound request.
Using with other AI tools
# OpenAI-compatible tools (Cursor, Continue, etc.)
export OPENAI_BASE_URL=http://localhost:8082/openai
# Anthropic-compatible tools
export ANTHROPIC_BASE_URL=http://localhost:8082/anthropic
# Ollama
export OLLAMA_HOST=http://localhost:8082/ollama
Modes
| Mode | Behavior | Use case |
|---|---|---|
redact |
Replace secrets with placeholders, restore on response | Production use |
block |
Reject requests containing secrets (HTTP 403) | Strict environments |
audit |
Log secrets but forward request unchanged | Testing, evaluation |
Extra detection with detect-secrets
For broader coverage, enable Yelp's detect-secrets as a supplementary scanner (23 additional regex plugins, entropy detectors disabled to avoid false positives):
pip install secretgate[detect-secrets]
secretgate serve --detect-secrets
Or via environment variable:
export SECRETGATE_DETECT_SECRETS=true
Offline scanning
Scan files or stdin for secrets without running the proxy:
secretgate scan .env config.yaml # scan specific files
cat .env | secretgate scan # scan stdin
git diff --cached | secretgate scan # scan staged changes
secretgate scan --no-entropy src/ # regex-only (fewer false positives)
Adding custom secret patterns
Drop patterns in ~/.secretgate/signatures.yaml or pass --signatures /path/to/file.yaml.
- MyCompany:
- Internal API Key: "myco_[a-zA-Z0-9]{32}"
- Database URL: "postgres://.*@prod\\.mycompany\\.com"
Development
git clone https://github.com/secretgate/secretgate.git
cd secretgate
python3 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
pre-commit install
# Run tests
pytest tests/ -v
# Lint
ruff check src/ tests/
Pre-commit hooks
secretgate includes pre-commit hooks for development. After pip install -e ".[dev]":
pre-commit install
This enables ruff lint/format, trailing whitespace fixes, and secretgate's own secret scanner on staged files.
License
Apache 2.0
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file secretgate-0.1.0.tar.gz.
File metadata
- Download URL: secretgate-0.1.0.tar.gz
- Upload date:
- Size: 23.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c2c0690bf6e353bc3cbb83fc0fbdd851bf359a05d8be9d58e155e3b372a2c003
|
|
| MD5 |
01a188045d9fd601ef039ed8d2d65a8a
|
|
| BLAKE2b-256 |
56411c6ce9a730bb8752d9d7eb3d9bb557d9b8b629924ee8b7de5bd1ad0961fc
|
File details
Details for the file secretgate-0.1.0-py3-none-any.whl.
File metadata
- Download URL: secretgate-0.1.0-py3-none-any.whl
- Upload date:
- Size: 22.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
43650f63a2ba03420e26e58b97c144c691710d00bb8f569d339676eb8abe4422
|
|
| MD5 |
476bf464b61fa6e3c22b5d7ed4bcdc71
|
|
| BLAKE2b-256 |
699c939f8fd8ee61e6f8c25e5fe0f3af07baf5950258c6030beebfa3124b4820
|
