Show HN: I built a tool that helps people scan and clean any repo for secrets (securelog.com)
20 points by lexokoh 3 months ago | hide | past | favorite | 22 comments



Trufflehog does a good job and GitGuardian is amazing. What's new with yours?

P.S.: I have contributed to those projects in the past.


We built customized components for RSC and Logs. You should check it out. It's a bit different from what's out there, and this is from the feedback we got from the team we are working with.


Would really love your feedback, and you can contribute as well.


Sounds good! Will take a look soon :)


I tried scanning one repository (gitlab/gitlab) and it spun for a couple of minutes then failed with "Network Error." No other error details are available.


Sorry about that. Is it a private or large repo? If so, you need to scan it from the CLI.

I am checking if there's any issue right now.


> Is it a private or large repo?

I entered "rtyley/small-test-repo" which is public and small - and also got "Request failed with status code 400. Try again".


Yeah, server overload for the web version. Taking a look now. Sorry about that.

You can try again. I just tried it.


Yes, gitlab/gitlab is a large repo.


Just run `npx securelog-scan` locally on the repo. You don't need to install it if you don't want to.


It would be handy, in the age of AI, to be able to dynamically scrub data that gets copied/pasted into the AI.

It's too easy to leak secrets, or even doxx yourself through file paths containing your name, etc.

I'd love to find a tool that made scrubbing that data easy.


This is sort-of describing https://docs.private-ai.com/webdemo/


Thanks, that is close!


As a security engineer, I started building this tool, but my feedback was so poor that no one cared about pasting secrets and personal data into LLM chats.


We are working on this for the next release. Happy to get your feedback on it if possible.


Great. I implemented my own simple prototype, a Python script that edits my clipboard. I used the pyperclip module and a YAML file with a list of keywords to substitute. Substitution is necessary rather than removal, so that the AI's responses are still useful.

I got basic functions working, but there are some nice-to-have things missing.

E.g. bidirectional info preservation. Ideally, if I change a /my_full_name/ file path, I want it to be translated to /john_doe/, and when the LLM gives back its response, I want to be able to paste /my_full_name/ back.

Also, preferably it would be highly automated, whereas now I have to manually run my script to edit my clipboard. Also, it would be nice to have it work for non-manual cases, such as when using aider-chat.

Further down the line, automated redaction of screenshots.
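The bidirectional substitution sketched in this comment, written out as an added example (not the commenter's script): the map and the clipboard text are constructed, and the pyperclip/YAML wiring is left out so the core scrub/restore logic runs stand-alone. It also checks the map is reversible and reports any real value the scrub missed.

```python
import re

# Constructed example map: real value -> placeholder (the prototype described above
# loads this from a YAML file). Placeholders are distinct, so the map can be reversed.
SUBSTITUTIONS = {
    "my_full_name": "john_doe",
    "acme-prod-db.internal": "db.example.com",
    "AKIAIOSFODNN7EXAMPLE": "AKIA_REDACTED_KEY",  # AWS's documented sample key id
}

# Constructed clipboard content standing in for what would be pasted into an LLM.
PROMPT = ("Traceback in /home/my_full_name/app.py: boto3 rejected key "
          "AKIAIOSFODNN7EXAMPLE for acme-prod-db.internal")

def validate_mapping(mapping):
    """Reject maps that cannot be reversed: duplicate placeholders, or a placeholder
    that is also a real value (restore() would then swap the wrong token back)."""
    placeholders = list(mapping.values())
    if len(set(placeholders)) != len(placeholders):
        raise ValueError("placeholders must be unique")
    if set(placeholders) & set(mapping):
        raise ValueError("a placeholder must not also be a real value")

def _pattern(tokens):
    # Longest token first so an overlapping shorter token cannot win; the lookarounds
    # stop "my_full_name" from matching inside "my_full_name_backup".
    alts = "|".join(re.escape(t) for t in sorted(tokens, key=len, reverse=True))
    return re.compile(r"(?<![A-Za-z0-9_])(?:" + alts + r")(?![A-Za-z0-9_])")

def scrub(text, mapping=SUBSTITUTIONS):
    """Replace real values with placeholders before the text leaves the machine."""
    validate_mapping(mapping)
    return _pattern(mapping).sub(lambda m: mapping[m.group(0)], text)

def restore(text, mapping=SUBSTITUTIONS):
    """Put real values back into an LLM reply that refers to the placeholders."""
    validate_mapping(mapping)
    reverse = {v: k for k, v in mapping.items()}
    return _pattern(reverse).sub(lambda m: reverse[m.group(0)], text)

def leaked(text, mapping=SUBSTITUTIONS):
    """Real values still present after scrubbing; non-empty means the map is incomplete."""
    return [k for k in mapping if k in text]

if __name__ == "__main__":
    # In the clipboard prototype this would be pyperclip.copy(scrub(pyperclip.paste())).
    print(scrub(PROMPT))
```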


This is great. I am happy to collaborate. If you fill out the contact form on the site, I'll contact you to try it out. Or open an issue.


Looks familiar.


There comes the Trufflehog contributor :P


A similar tool is detect-secrets[1].

[1] https://github.com/Yelp/detect-secrets


Also similar, Pillager (or Gitleaks) is worth having on the sanity checklist.

https://github.com/brittonhayes/pillager

https://terminaltrove.com/pillager/ <-- TerminalTrove is worth regularly checking.

    powerful rules functionality to recursively search directories for sensitive information in files.

    At its core, Pillager is designed to assist you in determining if a system is affected by common sources of credential leakage as documented by the MITRE ATT&CK framework.

Good for catching those "Oops, I deployed the company password list again" SNAFUs.


Nice, I like some of the concepts.

