Stop catastrophic secret leaks before they happen. Professional-grade secret scanner that detects AWS keys, API tokens, passwords, and 50+ secret patterns with high accuracy.
⚠️ One leaked AWS key can cost $10,000+ in hours. GitSecure prevents that.
- 50+ High-Confidence Patterns - AWS, GitHub, Stripe, Slack, and more
- Entropy Analysis - Detect generic secrets by randomness
- HTML Security Reports - Beautiful, shareable reports
- Confidence Levels - HIGH/MEDIUM classification
- Faster Scanning - Optimized pattern matching
- Repository Statistics - Detailed repo insights
- Enhanced .gitignore - Comprehensive protection rules
GitSecure is dual-licensed for maximum flexibility:
Free for individuals, open source projects, and evaluation. Perfect for:
- Personal projects
- Open source contributions
- Learning and testing
- Non-commercial use
Required for:
- Commercial/closed-source projects
- Companies with 5+ developers
- Products/services using GitSecure
- Enterprise deployments
Benefits:
- Priority support & SLA guarantees
- Direct communication channel
- Feature requests & custom integrations
- Compliance assistance
- Commercial indemnification
- Advanced features (team dashboard, SSO, audit trails)
Contact for Commercial Licensing | View Pricing
Using GitSecure personally or in open source? Consider sponsoring!
Your sponsorship helps:
- More secret pattern detection
- Faster scanning algorithms
- Better multi-language support
- Comprehensive documentation
- Free security tools for everyone
Tiers: Individual $5/mo | Supporter $15/mo | Business Custom
Secret leaks are catastrophic and expensive:
- AWS keys leaked → $10,000+ charges in hours
- API tokens exposed → Data breaches & compliance violations
- Database credentials committed → Complete security compromise
- One mistake can destroy a company
GitSecure provides automated, professional-grade secret detection:
- Scan before every commit (pre-commit hook)
- Detect 50+ specific secret patterns with high accuracy
- Entropy analysis for generic secrets
- Block dangerous commits automatically
- Audit entire repository history
- Generate beautiful HTML reports
- Zero false positives on well-tuned patterns
```bash
curl -sSL https://raw.githubusercontent.com/strabo231/gitsecure/main/install.sh | bash
```

```bash
# Download
curl -O https://raw.githubusercontent.com/strabo231/gitsecure/main/gitsecure
chmod +x gitsecure
# Move to PATH
sudo mv gitsecure /usr/local/bin/
# or for user install
mkdir -p ~/.local/bin && mv gitsecure ~/.local/bin/
```

```bash
gitsecure --version
# Should output: gitsecure version 2.0.0
```

```bash
cd your-repo
gitsecure install-hook
```

Now every commit is automatically scanned for secrets!

```bash
# Make changes
git add .
# Scan before commit
gitsecure scan
```

```bash
# Check all tracked files for secrets
gitsecure audit
```

```bash
# Create beautiful HTML report
gitsecure report
# Opens automatically in browser
```

- AWS - Access Keys, Secret Keys, Session Tokens
- GitHub - PAT, OAuth, App Tokens, Refresh Tokens
- Stripe - Live Keys, Secret Keys, Restricted Keys
- Google Cloud - API Keys, OAuth Tokens, Service Accounts
- Slack - Bot Tokens, Webhooks, Legacy Tokens
- Private Keys - RSA, SSH, EC, PGP, DSA
- Database URLs - PostgreSQL, MySQL, MongoDB, Redis
- Twilio - API Keys, Account SIDs
- SendGrid - API Keys
- Discord - Bot Tokens, Webhooks
- Telegram - Bot Tokens
- DigitalOcean - Personal Access Tokens
- Heroku - API Keys
- Azure - Storage Keys, Connection Strings

- ⚠️ JWT Tokens
- ⚠️ Generic API Keys
- ⚠️ Generic Secrets & Tokens
- ⚠️ Bearer Tokens
- ⚠️ Passwords in Code

- `.env`, `.env.*` files
- Private key files (`.pem`, `.key`, `id_rsa`)
- Certificate files (`.p12`, `.pfx`)
- Config files (`credentials.json`, `secrets.json`)

- Entropy Analysis - Detects high-randomness strings (likely secrets)
- Smart File Filtering - Ignores binary/minified files
- Context-Aware - Understands code structure
Scans files staged for commit. Perfect for pre-commit hooks.
```bash
gitsecure scan
```
Scans all tracked files in the repository.
```bash
gitsecure audit
```
Scan a single file with detailed output.
```bash
gitsecure check config.json
gitsecure check .env.production
```
List all secret patterns GitSecure can detect.
```bash
gitsecure patterns
```
Adds comprehensive secret protection rules to .gitignore.
```bash
gitsecure protect
```
Installs automatic scanning on every commit.
```bash
gitsecure install-hook
```
Removes the pre-commit hook.
```bash
gitsecure uninstall-hook
```
Creates a beautiful, shareable security report.
```bash
gitsecure report
# Opens in browser automatically
```
Show repository metrics and security status.
```bash
gitsecure stats
```
The pre-commit hook is the most powerful feature - it automatically scans every commit and blocks secrets from entering your repository.
```bash
cd your-repository
gitsecure install-hook
```

- You stage files with `git add`
- You run `git commit`
- GitSecure automatically scans staged files
- If secrets found → commit is blocked
- If clean → commit proceeds
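
The flow above as a minimal hook, added here as an example and not GitSecure's own hook script. The function names, the single AWS access key ID pattern, and the sample diff (which uses AWS's documented example key ID) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example of a pre-commit hook; not GitSecure's own hook script.
# Assumed pattern: AWS access key ID (AKIA + 16 upper-case alphanumerics).
AWS_KEY_RE='AKIA[0-9A-Z]{16}'
TAB=$(printf '\t')

# Read a unified diff on stdin and print "file:line" for every added
# line that matches AWS_KEY_RE. The matched value is never printed.
scan_added_lines() {
  awk '
    /^\+\+\+ / { file = substr($0, 7); next }          # "+++ b/<path>"
    /^@@ /     { split($3, a, /[+,]/); line = a[2] - 1; next }
    /^\+/      { line++; print file ":" line "\t" substr($0, 2); next }
    /^ /       { line++ }                               # context line
  ' | grep -E "${TAB}.*${AWS_KEY_RE}" | cut -f1
}

# Scan what is staged; a non-zero return makes git abort the commit.
run_hook() {
  hits=$(git diff --cached --no-color -U0 | scan_added_lines)
  [ -z "$hits" ] && return 0
  printf 'COMMIT BLOCKED: possible AWS access key at\n%s\n' "$hits" >&2
  return 1
}

# Constructed sample diff for trying the scanner without a repository.
SAMPLE_DIFF='diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -4,0 +5,2 @@
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+REGION = "us-east-1"'

# Act as the hook only when installed as .git/hooks/pre-commit.
case "$0" in
  */pre-commit) run_hook || exit 1 ;;
  *) printf '%s\n' "$SAMPLE_DIFF" | scan_added_lines ;;
esac
```

Only added lines are scanned, so a commit that removes a key is not blocked. Hooks live in each clone and `git commit --no-verify` skips them, so the same scan belongs in CI or a server-side check as well.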
```
$ git commit -m "Add config"
GitSecure: Scanning for secrets...

SCANNING STAGED FILES FOR SECRETS

AWS Access Key detected: config.py
   Line 5: [REDACTED for security]

SCAN RESULTS

Found 1 potential secret(s) in staged files
COMMIT BLOCKED - DO NOT COMMIT!
Recommended Actions:
   1. Remove secrets from files
   2. Use environment variables instead
   3. Add sensitive files to .gitignore
```

```bash
# Only if you're absolutely sure
git commit --no-verify
```

Generate professional security reports perfect for:
- Compliance audits
- Team reviews
- Security tracking
- Documentation

```bash
gitsecure report
```

Features:
- Beautiful, modern design
- Visual metrics & statistics
- Detailed scan results
- Actionable recommendations
- Easy sharing & archiving
- Install pre-commit hook - Prevent secrets from entering repo
- Use environment variables - Never hardcode secrets
- Use secret management - Vault, AWS Secrets Manager, Doppler
- Generate .gitignore protection - Run `gitsecure protect`
- Regular audits - Run `gitsecure audit` monthly
- Rotate exposed secrets immediately - Assume compromised
- Don't commit secrets - Even in private repos
- Don't rely on deleting commits - Secrets remain in history
- Don't store secrets in code - Use environment variables
- Don't ignore warnings - Every detection matters
- Don't use `--no-verify` - Defeats the purpose
Default: 4.5 (detects high-randomness strings)
```bash
# Edit in gitsecure script
ENTROPY_THRESHOLD=4.5
```
Default: 20 characters
```bash
# Edit in gitsecure script
MIN_SECRET_LENGTH=20
```
Add custom patterns by editing the `SECRET_PATTERNS` array in the script.
| Feature | GitSecure | git-secrets | gitleaks | truffleHog |
|---|---|---|---|---|
| Easy Install | One-liner | Go binary | | |
| Pre-commit Hook | Auto-install | Manual | Manual | No |
| Pattern Count | 50+ | 50+ | Many | |
| Entropy Detection | Yes | No | Yes | Yes |
| HTML Reports | Yes | No | | |
| Zero Config | Yes | No | No | |
| Speed | Fast (Bash) | Fast | Fast (Go) | |
| Commercial Support | Available | No | Yes | No |
Run the comprehensive test suite:
```bash
./test-gitsecure.sh
```
Tests cover:
- All secret pattern detection
- File scanning accuracy
- Pre-commit hook functionality
- .gitignore generation
- Clean file handling (no false positives)
We welcome contributions! See CONTRIBUTING.md for guidelines.
Areas we need help:
- Additional secret patterns
- Language-specific patterns
- Performance improvements
- Documentation
- More test cases
Free for individuals and open source projects. See LICENSE-GPL3.
Commercial license required for businesses. See COMMERCIAL.md for pricing.
- GitHub Discussions
- Report Issues
- Commercial Licensing
- Become a Sponsor
If GitSecure saved you from a secret leak, please star the repository!
- 50+ Secret Patterns detected
- Zero Configuration required
- One-Line Install in seconds
- 100% Bash - No dependencies
- Used by 1000+ developers worldwide (growing!)
- Pattern Examples - See what gets detected
- Best Practices Guide
- Enterprise Guide
- CI/CD Integration
Built with ❤️ by strabo231 | Securing developers worldwide
Remember: The best secret is the one that never gets committed.