Secret Sweeper CLI
Find secrets before they leak.
API keys. Passwords. Tokens. Git history.
Quick Start
bash
npm install -g secretsweep
bash
# Scan current directory secretsweep scan # Scan git history secretsweep git # Pre-commit hook secretsweep hook install
What It Finds
- •AWS access keys
- •Google Cloud credentials
- •GitHub tokens
- •Private keys
- •Database URLs
- •API keys (generic patterns)
- •Passwords in config
Commands
bash
# Scan directory
secretsweep scan ./src
# Scan specific files
secretsweep scan "**/*.{js,ts,env}"
# Scan git commits
secretsweep git --commits 100
# Scan entire git history
secretsweep git --all
# Scan staged files only
secretsweep staged
# Install pre-commit hook
secretsweep hook install
# CI mode
secretsweep scan --ci
Example Output
code
🔍 Secret Sweep Results ❌ SECRETS FOUND (3) src/config.js:15 Type: AWS Access Key Match: AKIA...XXXX (redacted) .env.example:8 Type: Database URL with password Match: postgres://user:***@host/db config/prod.json:23 Type: GitHub Token Match: ghp_...XXXX (redacted) Run with --fix to see remediation steps
Configuration
yaml
# .secretsweeprc rules: - aws-access-key - github-token - private-key ignore: - "*.test.js" - "mock/**" allowlist: - "EXAMPLE_KEY_DO_NOT_USE"
Pre-commit Hook
bash
# Install hook secretsweep hook install # Uninstall secretsweep hook remove
When to Use This
- •Pre-commit checks
- •CI/CD pipelines
- •Security audits
- •Repository cleanup
- •Compliance scanning
Built by LXGIC Studios