Detect secrets and sensitive information in your codebase
Project description
Secrets Hunter
Secrets Hunter is a lightweight, fully autonomous, and dependency-free scanner that detects secrets and sensitive information in your codebase.
The scanner provides a command-line interface (CLI) and is designed for use both locally (as a linter) and in security pipelines (as a security gate).
Features
Findings are detected using a combined regex and entropy approach:
- Pattern-based detection: Identifies predefined secret formats (API keys, tokens, etc.)
- Entropy-based detection: Finds high-entropy strings
Each high-entropy finding gets a confidence boost if it is detected in the context of an assignment or key/value pair with keywords,
assuming a secret (e.g., API_KEY=..., "secret_token": "...", etc.).
All of these patterns are fully configurable via TOML config overlays (see Configuration).
Secrets Hunter supports parallel scanning with configurable workers. Output findings can be displayed in console output or exported to a JSON file.
Installation
Requirements: Python 3.11+
From PyPI
pip install secrets-hunter
From source
- Clone this repository
git clone https://github.com/FVLCN/secrets-hunter.git secrets-hunter
cd secrets-hunter
- Activate virtual environment (macOS and Linux)
python -m venv venv
source venv/bin/activate
- Build and install package
pip install -e .
Quick start
Scan the current directory:
secrets-hunter .
Findings are masked by default. To reveal them, use the --reveal-findings flag:
secrets-hunter . --reveal-findings
Scan a specific file:
secrets-hunter path/to/file.py
Export results to JSON:
secrets-hunter . --json results.json
See the usage docs for all flags and more examples.
Configuration
Secrets Hunter ships with built-in packaged defaults and supports overlay configs.
Example (team baseline overlay):
secrets-hunter . --config team.toml
Multiple overlays are applied in the order provided:
secrets-hunter . --config ci.toml --config local.toml
A full description and usage examples of the configuration are available in Configuration docs.
License
MIT
Acknowledgment
This project was made possible by whitespots.io
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file secrets_hunter-0.1.0.tar.gz.
File metadata
- Download URL: secrets_hunter-0.1.0.tar.gz
- Upload date:
- Size: 19.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fb286e882d499c423f7b721e1281ef509cd7a1804d8466e1f6fe8184f3b22fdb
|
|
| MD5 |
40f72e860be74f78cb061acb101816f8
|
|
| BLAKE2b-256 |
1e8cd3865fdb20b8d9a47e713a2067b3eea17248afc6ea0d64d30244a26bafa2
|
File details
Details for the file secrets_hunter-0.1.0-py3-none-any.whl.
File metadata
- Download URL: secrets_hunter-0.1.0-py3-none-any.whl
- Upload date:
- Size: 24.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3a42786e1ef201edef3992814dcf7ed08bb8fd31472d22ead450f90501e10957
|
|
| MD5 |
ada769222a0edbd064a3f936e6b3653c
|
|
| BLAKE2b-256 |
2208b6d0770c653627b21818f1ae321ce2f6b9fe71a5c0401e627c3c5bd5e4d7
|
