
detect-secrets
An enterprise friendly way of detecting and preventing secrets in code.
The Lens
detect-secrets stops credentials from getting committed to your repo in the first place. It scans code for things that look like passwords, API keys, and tokens, and it's built to run as a pre-commit hook so a leaked secret gets caught before it ever lands in git history. Open source, from Yelp, free.
Its trick is a baseline file: it records the secrets it already knows about, including false positives you've marked, so it only alerts on new ones. That keeps it quiet enough to actually leave enabled, which is the whole game with secret scanning. Setup is a pip install and a pre-commit config, and it runs locally with no service.
Fully free, no paid tier. It sits in a crowded space: Gitleaks and TruffleHog are the other open source options, and each has a slightly different angle. detect-secrets leans hardest into the pre-commit, baseline-driven workflow, which makes it a strong default for stopping leaks at the source rather than finding them after.
The catch: it catches secrets that match its detectors and heuristics, not every possible secret. A credential in an unusual format can slip past, and the baseline approach means a secret already in your history won't get flagged. It's prevention going forward, not a cleanup tool for what already leaked.
Free vs Self-Hosted vs Paid
fully free
Self-hosted (free): detect-secrets under Apache-2.0, from Yelp. A Python tool built to run as a pre-commit hook, catching credentials before they land in git. A baseline file records known secrets and false positives so it only alerts on new ones. Runs locally, no service.
Commercial: None.
The call: A strong default for stopping leaks at the source. Gitleaks and TruffleHog are the other free options, each with a slightly different angle.
Completely free and open source. No paid tier.
About
- Owner: Yelp.com (Organization)
- Stars: 4,583
- Forks: 553