secretscan

command
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 19, 2026 License: MIT Imports: 1 Imported by: 0

README

SecretScan

Catch API keys leaking through your LLM.

SecretScan detects API keys, passwords, and secrets in both requests and responses. Blocks or redacts before they reach the model or your users.

Quickstart

export OPENAI_API_KEY=sk-...
npx @stockyard/secretscan

# Your app:   http://localhost:5620/v1/chat/completions
# Dashboard:  http://localhost:5620/ui

What You Get

  • Bidirectional secret scanning
  • AWS, GCP, GitHub, Stripe key patterns
  • Block or redact modes
  • Custom pattern definitions
  • Higher severity than PII
  • Dashboard with detection log

Config

# secretscan.yaml
port: 5620
providers:
  openai:
    api_key: ${OPENAI_API_KEY}
secretscan:
  mode: redact  # block | redact | alert
  patterns:
    - aws_key
    - github_token
    - stripe_key
    - generic_api_key
    - private_key

Docker

docker run -p 5620:5620 -e OPENAI_API_KEY=sk-... stockyard/secretscan

Part of Stockyard

SecretScan is part of Stockyard — an open-source LLM proxy and control plane. MIT licensed.

Documentation

Overview

SecretScan — "Catch API keys and secrets leaking in requests and responses."

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.