AgentSkillsCN

Secret Sweeper CLI

Find sensitive information and API keys in code. Scan Git history and set up pre-commit hooks to prevent credential leaks. A free security tool.

SKILL.md
---
name: Secret Sweeper CLI
description: Find secrets and API keys in code. Git history scanning, pre-commit hooks. Prevent credential leaks. Free security tool.
tags: [secrets, security, api-keys, git, scanning, cli, credentials]
---

Secret Sweeper CLI

Find secrets before they leak.

API keys. Passwords. Tokens. Git history.

Quick Start

```bash
npm install -g secretsweep
```

```bash
# Scan current directory
secretsweep scan

# Scan git history
secretsweep git

# Pre-commit hook
secretsweep hook install
```

What It Finds

  • AWS access keys
  • Google Cloud credentials
  • GitHub tokens
  • Private keys
  • Database URLs
  • API keys (generic patterns)
  • Passwords in config

Commands

```bash
# Scan directory
secretsweep scan ./src

# Scan specific files
secretsweep scan "**/*.{js,ts,env}"

# Scan git commits
secretsweep git --commits 100

# Scan entire git history
secretsweep git --all

# Scan staged files only
secretsweep staged

# Install pre-commit hook
secretsweep hook install

# CI mode
secretsweep scan --ci
```

Example Output

```
🔍 Secret Sweep Results

❌ SECRETS FOUND (3)

src/config.js:15
  Type: AWS Access Key
  Match: AKIA...XXXX (redacted)

.env.example:8
  Type: Database URL with password
  Match: postgres://user:***@host/db

config/prod.json:23
  Type: GitHub Token
  Match: ghp_...XXXX (redacted)

Run with --fix to see remediation steps
```

Configuration

```yaml
# .secretsweeprc
rules:
  - aws-access-key
  - github-token
  - private-key
ignore:
  - "*.test.js"
  - "mock/**"
allowlist:
  - "EXAMPLE_KEY_DO_NOT_USE"
```
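
A minimal sketch of what rules and allowlist entries like those in the configuration above do, added here as an example and not secretsweep's own code. The regexes, the line-level allowlist behaviour, the `scanText` and `redact` names, and the redaction format (modelled on the sample output) are assumptions, and the sample input is constructed.

```javascript
// Added illustration, not secretsweep's source. The regexes and the
// allowlist/redaction semantics below are assumptions.
const RULES = {
  "aws-access-key": /\bAKIA[0-9A-Z]{16}\b/g,
  "github-token": /\bghp_[A-Za-z0-9]{36}\b/g,
  "private-key": /-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----/g,
};

// Keep only the 4-character prefix so a report never re-leaks the secret.
function redact(match) {
  return match.slice(0, 4) + "...XXXX";
}

// Scan one file's text; returns [{ line, rule, match }] with redacted matches.
function scanText(text, { rules = Object.keys(RULES), allowlist = [] } = {}) {
  const findings = [];
  text.split(/\r?\n/).forEach((content, idx) => {
    // Assumed allowlist semantics: skip any line containing an allowlisted string.
    if (allowlist.some((s) => content.includes(s))) return;
    for (const rule of rules) {
      for (const m of content.matchAll(RULES[rule])) {
        findings.push({ line: idx + 1, rule, match: redact(m[0]) });
      }
    }
  });
  return findings;
}

// Constructed sample input: the values are fake and assembled at runtime.
const fakeAws = "AKIA" + "ABCDEFGHIJKLMNOP";
const fakeGh = "ghp_" + "a1B2".repeat(9);
const sample = [
  `const awsKey = "${fakeAws}";`,
  `const doc = "${fakeAws} EXAMPLE_KEY_DO_NOT_USE";`, // suppressed by allowlist
  `token: ${fakeGh}`,
  "-----BEGIN RSA PRIVATE KEY-----",
  "const note = 'AKIA is only a prefix';", // too short to match
].join("\n");

const config = {
  rules: ["aws-access-key", "github-token", "private-key"],
  allowlist: ["EXAMPLE_KEY_DO_NOT_USE"],
};
console.log(scanText(sample, config));
```

An allowlist that suppresses whole lines is convenient for documentation strings but also hides a real key placed on the same line, which is why the entry should be a string that never appears next to live credentials.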

Pre-commit Hook

```bash
# Install hook
secretsweep hook install

# Uninstall
secretsweep hook remove
```

When to Use This

  • Pre-commit checks
  • CI/CD pipelines
  • Security audits
  • Repository cleanup
  • Compliance scanning

Built by LXGIC Studios
