Interactive TUI for redacting secrets found by TruffleHog
Project description
An interactive terminal tool that scans your files for secrets with TruffleHog and helps you redact them.
Features
- One-command scanning — runs TruffleHog for you, no piping required
- Interactive TUI — curses-based selector to pick which secrets to redact
- Diff preview — review a unified diff of all changes before applying
- Safe by default — shows what will change and asks for confirmation
- Zero dependencies — only uses the Python standard library
- Custom placeholders — replace secrets with [REDACTED], asterisks, or any string
Installation
Note: Works on macOS and Linux. Windows is not currently supported (the interactive TUI depends on curses and Unix terminal features).
Requires TruffleHog to be installed and available on your PATH.
Install from PyPI:
pip install trufflehog-redactor
Or run directly without installing:
uvx trufflehog-redactor ./my-project
Or install via pipx:
pipx install trufflehog-redactor
Usage
Point trufflehog-redactor at the directory you want to scan:
trufflehog-redactor ./my-project
This will:
- Run TruffleHog to detect secrets in the target directory
- Open an interactive TUI to select which secrets to redact
- Show a diff preview of the proposed changes
- Apply the redactions after confirmation
Examples
Scan the current directory interactively:
trufflehog-redactor .
Redact all secrets without prompting:
trufflehog-redactor . --no-confirm
Preview changes without modifying files:
trufflehog-redactor . --dry-run
Use a custom placeholder:
trufflehog-redactor . --placeholder "[REDACTED]"
Pipe mode
You can also pipe TruffleHog JSON output directly if you need more control over TruffleHog flags:
trufflehog filesystem ./my-project --no-fail --no-update --json 2>/dev/null | trufflehog-redactor
This is useful for running TruffleHog via Docker, without installing it locally.
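The following is an added example, not code from trufflehog-redactor: a standard-library sketch of how JSON-lines input like the pipe-mode stream above can be parsed and turned into a diff preview without writing to disk. The function names are hypothetical, the sample finding and file contents are constructed, and the field names (`SourceMetadata.Data.Filesystem.file`, `Raw`, `DetectorName`) are assumed to match TruffleHog's filesystem JSON output.

```python
import difflib
import json

# Constructed sample of `trufflehog ... --json` output (one record per line).
# Values are fake; the second and third lines stand in for log noise.
SAMPLE_JSONL = "\n".join([
    json.dumps({"SourceMetadata": {"Data": {"Filesystem": {"file": "app/.env", "line": 2}}},
                "DetectorName": "AWS", "Verified": False, "Raw": "AKIAEXAMPLEKEY000000"}),
    '{"level":"info","msg":"finished scanning"}',
    "not json at all",
])

# Constructed file contents keyed by path, so the example runs offline.
FILES = {"app/.env": "DEBUG=1\nAWS_KEY=AKIAEXAMPLEKEY000000\nBACKUP=AKIAEXAMPLEKEY000000\n"}


def parse_findings(jsonl):
    """Return {path: set(raw secrets)}, skipping lines that are not findings."""
    findings = {}
    for line in jsonl.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # stray non-JSON output mixed into the stream
        if not isinstance(rec, dict):
            continue
        fs = rec.get("SourceMetadata", {}).get("Data", {}).get("Filesystem", {})
        path, raw = fs.get("file"), rec.get("Raw")
        if path and raw:
            findings.setdefault(path, set()).add(raw)
    return findings


def preview_redactions(findings, files, placeholder="[REDACTED]"):
    """Build redacted contents and a unified diff; nothing is written to disk."""
    redacted, diff = {}, []
    for path, secrets in sorted(findings.items()):
        old = new = files[path]
        # Longest first, so a secret that contains another is replaced whole.
        for secret in sorted(secrets, key=len, reverse=True):
            new = new.replace(secret, placeholder)
        redacted[path] = new
        diff += difflib.unified_diff(old.splitlines(keepends=True),
                                     new.splitlines(keepends=True),
                                     fromfile=f"a/{path}", tofile=f"b/{path}")
    return redacted, "".join(diff)


if __name__ == "__main__":
    print(preview_redactions(parse_findings(SAMPLE_JSONL), FILES)[1])
```

The sketch replaces every occurrence of a reported secret in the file, not only the reported line, so the copy on the `BACKUP=` line is caught as well.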
TUI Controls
| Key | Action |
|---|---|
| ↑ / k | Move up |
| ↓ / j | Move down |
| Space | Toggle selection |
| a | Toggle all |
| t | Toggle by detector category |
| r | Reveal / hide secrets |
| Enter | Confirm selection |
| q | Quit without redacting |
Testing with example secrets
The test_keys repo from TruffleSecurity contains real-looking example secrets you can use to try out the tool end-to-end:
# Clone the test repo
git clone https://github.com/trufflesecurity/test_keys /tmp/test_keys
trufflehog-redactor /tmp/test_keys
Tip: Start with --dry-run to preview changes safely before applying any redactions.
License
File details
Details for the file trufflehog_redactor-0.1.0.tar.gz.
File metadata
- Download URL: trufflehog_redactor-0.1.0.tar.gz
- Upload date:
- Size: 24.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 816719b45adf5026dc542e813527c7bcab5ca497c003a24c97f8544a2e46d494 |
| MD5 | 6a7b4fa283f445aad4b2c6c55ce08119 |
| BLAKE2b-256 | 86592bae3bb66903e76130202a16fa5766de9716052d21285371ba5eca53b076 |
Provenance
The following attestation bundles were made for trufflehog_redactor-0.1.0.tar.gz:
Publisher: publish.yml on didmar/trufflehog-redactor
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: trufflehog_redactor-0.1.0.tar.gz
- Subject digest: 816719b45adf5026dc542e813527c7bcab5ca497c003a24c97f8544a2e46d494
- Sigstore transparency entry: 976690127
- Sigstore integration time:
- Permalink: didmar/trufflehog-redactor@d00f7e713c51b7dc18cca9457a8a504e8d430608
- Branch / Tag: refs/tags/v0.1.0
- Owner: https://github.com/didmar
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@d00f7e713c51b7dc18cca9457a8a504e8d430608
- Trigger Event: release
File details
Details for the file trufflehog_redactor-0.1.0-py3-none-any.whl.
File metadata
- Download URL: trufflehog_redactor-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d281c48f2cb9479e20e40cecf4cd756dc914db8141c24b9eb625eec28b652683 |
| MD5 | 9cda967d9f10f8c32f7a3fa43075e24c |
| BLAKE2b-256 | df271997edaf3619abe1c65d5afd2d2afa97365319ff49a056bd8eb9420687ce |
Provenance
The following attestation bundles were made for trufflehog_redactor-0.1.0-py3-none-any.whl:
Publisher: publish.yml on didmar/trufflehog-redactor
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: trufflehog_redactor-0.1.0-py3-none-any.whl
- Subject digest: d281c48f2cb9479e20e40cecf4cd756dc914db8141c24b9eb625eec28b652683
- Sigstore transparency entry: 976690128
- Sigstore integration time:
- Permalink: didmar/trufflehog-redactor@d00f7e713c51b7dc18cca9457a8a504e8d430608
- Branch / Tag: refs/tags/v0.1.0
- Owner: https://github.com/didmar
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@d00f7e713c51b7dc18cca9457a8a504e8d430608
- Trigger Event: release