The Secrets Scanner that respects your time

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for fvlcn-dev from gravatar.com fvlcn-dev
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags security , secrets , scanner , git , ci
  • Requires: Python >=3.11
Report project as malware

Project description

Secrets Hunter

PyPI Python

Secrets Hunter is a lightweight, fully autonomous, and dependency-free scanner that detects secrets and sensitive information in your codebase.

The scanner provides a command-line interface (CLI) and is designed for use both locally (as a linter) and in security pipelines (as a security gate).

Features

Findings are detected using a combined regex and entropy approach:

  • Pattern-based detection: Identifies predefined secret formats (API keys, tokens, etc.)
  • Entropy-based detection: Finds high-entropy strings

Each high-entropy finding gets a confidence boost if it is detected in the context of an assignment or key/value pair with keywords, assuming a secret (e.g., API_KEY=..., "secret_token": "...", etc.).

All of these patterns are fully configurable via TOML config overlays (see Configuration).

Secrets Hunter supports parallel scanning with configurable workers. Output findings can be displayed in console output or exported to a JSON file.

Installation

Requirements: Python 3.11+

Secrets Hunter can be installed via PyPI, from source, or using Docker. For a quick start, install directly from PyPI:

pip install secrets-hunter

For installation from source or Docker, see the Installation docs.

Quick start

Scan the current directory:

secrets-hunter .

Findings are masked by default. To reveal them, use the --reveal-findings flag:

secrets-hunter . --reveal-findings

Scan a specific file:

secrets-hunter path/to/file.py

Export results to JSON:

secrets-hunter . --json results.json

See the Usage docs for all flags and more examples.

Configuration

Secrets Hunter ships with built-in packaged defaults. You can display them using CLI:

secrets-hunter showconfig

Configuration can be customized using overlay config files. Example (team baseline overlay):

secrets-hunter . --config team.toml

Multiple overlays are applied in the order provided:

secrets-hunter . --config ci.toml --config local.toml

A full description and usage examples are available in Configuration docs.

License

Secrets Hunter is released under the MIT License, meaning you are free to use, modify, and distribute it for both personal and commercial purposes.

Acknowledgments

This project was made possible by whitespots.io.

Special thanks to @Shandriuk for implementing the end-to-end functional testing suite.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for fvlcn-dev from gravatar.com fvlcn-dev
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags security , secrets , scanner , git , ci
  • Requires: Python >=3.11

Release history Release notifications | RSS feed

0.8.0

This version

0.7.0

0.6.0

0.5.0

0.4.0

0.3.0

0.2.0

0.1.0

0.0.2

0.0.1.post1 yanked

Reason this release was yanked:

Broken packaging

0.0.1 yanked

Reason this release was yanked:

Broken packaging

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

secrets_hunter-0.7.0.tar.gz (328.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

secrets_hunter-0.7.0-py3-none-any.whl (336.9 kB view details)

Uploaded Python 3

File details

Details for the file secrets_hunter-0.7.0.tar.gz.

File metadata

  • Download URL: secrets_hunter-0.7.0.tar.gz
  • Upload date:
  • Size: 328.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for secrets_hunter-0.7.0.tar.gz
Algorithm Hash digest
SHA256 cfb15887441850152377456076a4a3cc5621196b53c27fcbf752cacc4539163f
MD5 253102aad19346c10d038cd962e4c6b9
BLAKE2b-256 d199ec2b18e9ad00dc9c618a8c4c5a481f95bd52fe243b13c2d06b727a1769e3

See more details on using hashes here.

Provenance

The following attestation bundles were made for secrets_hunter-0.7.0.tar.gz:

Publisher: pypi.yml on FVLCN/secrets-hunter

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file secrets_hunter-0.7.0-py3-none-any.whl.

File metadata

  • Download URL: secrets_hunter-0.7.0-py3-none-any.whl
  • Upload date:
  • Size: 336.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for secrets_hunter-0.7.0-py3-none-any.whl
Algorithm Hash digest
SHA256 180993572478760bff304cdfc6e3c77b1989841ee35873de20d7b12cabda4787
MD5 5f059b6a8ac60b03d03f740ca0552122
BLAKE2b-256 23a10d09199e45b1c9ba5f1e662b409068476328ac242930cdcc5f6812dc48c9

See more details on using hashes here.

Provenance

The following attestation bundles were made for secrets_hunter-0.7.0-py3-none-any.whl:

Publisher: pypi.yml on FVLCN/secrets-hunter

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page