Metadata-Version: 2.4
Name: secret-scan
Version: 0.1.2
Summary: A simple secret/credential scanner for source code repositories.
Author-email: Your Name <you@example.com>
License: MIT License
        
        Copyright (c) 2025 amitu314, harshahemanth
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
        
Project-URL: Homepage, https://github.com/harshahemanth/secret-scan
Project-URL: Repository, https://github.com/harshahemanth/secret-scan
Project-URL: Issues, https://github.com/harshahemanth/secret-scan/issues
Project-URL: Documentation, https://github.com/harshahemanth/secret-scan#readme
Keywords: security,secrets,credentials,scanner
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Topic :: Security
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Dynamic: license-file

# secret-scan

A fast, lightweight CLI tool to detect secrets in source code.

`secret-scan` scans directories for sensitive data such as:

- AWS Access Keys and Secret Keys
- OpenAI API keys (sk-...)
- Password assignments
- Bearer tokens
- SSH private keys
- Azure storage keys
- Generic API keys and tokens
- JWT tokens

It skips binary files, ignores common junk directories (node_modules, .git, venv, etc.), avoids scanning large files, and supports extensible regular-expression patterns.

## Installation

    pip install secret-scan

To upgrade:

    pip install --upgrade secret-scan

## Basic Usage

Scan the current directory:

    secret-scan .

Scan a specific directory:

    secret-scan ~/projects/my-repo

Write results to a file (default: docsCred.txt):

    secret-scan . --output secrets.txt

## JSON Output

Generate JSON output (useful for CI pipelines):

    secret-scan . --json

Example output:

    [
      {
        "file": "config/settings.py",
        "line": 20,
        "match": "AWS_ACCESS_KEY_ID=AKIA1234567890ABCD12"
      },
      {
        "file": "service/api.py",
        "line": 42,
        "match": "sk-ABCDEFGHIJKLMNOPQRSTUV123456"
      }
    ]

## Command-Line Options

| Flag             | Description                               |
|------------------|-------------------------------------------|
| --output <file>  | Save text results (default: docsCred.txt) |
| --skip-ext .log  | Skip specific file extensions             |
| --skip-dir <dir> | Skip specific directories                 |
| --max-size-mb N  | Scan only files smaller than N MB         |
| --json           | Print JSON results to stdout              |

Example:

    secret-scan . --skip-ext .log --skip-dir build --json

## What It Detects

### AWS
- Access Key IDs (AKIA...)
- Secret Access Keys
- Environment variable forms such as AWS_ACCESS_KEY_ID=...

### OpenAI
- Keys beginning with sk-

### Passwords and Tokens
- password=...
- api_key=...
- Bearer tokens
- JWT tokens (xxx.yyy.zzz)

### Private Keys
- -----BEGIN PRIVATE KEY-----

### Cloud Provider Keys
- Azure storage account keys
- Redis/MySQL/Postgres/Mongo/FTP/SMTP connection strings

## Automatic Skips

The scanner automatically ignores:

- .git, .hg, .svn
- node_modules
- Python virtual environments (venv, .venv, env)
- Binary files (null-byte detection)
- Large files (over 5 MB by default)
- Common non-text extensions (images, archives, executables)

## Extending Detection Patterns

Detection patterns are defined in:

    src/secret_scanner/patterns.py

You may extend or modify these patterns to detect additional token types.
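The following is an added example of how the pieces described in "What It Detects", "Automatic Skips" and this section fit together: a small pattern table, the null-byte binary check, directory pruning and a size limit, producing findings in the same `file`/`line`/`match` shape as the JSON output above. It is not secret-scan's own code and does not import it; the pattern names, the regular expressions, the `redact` helper (which masks most of each matched value so the findings file is not itself a copy of the credentials) and the sample tree built by `demo()` are all constructed for this illustration and will differ from what `src/secret_scanner/patterns.py` actually contains.

```python
"""Added illustration of a pattern-driven secret scanner; not secret-scan's code."""
import os
import re
import tempfile
from pathlib import Path

# Assumed pattern set. The real project's patterns live in
# src/secret_scanner/patterns.py and are not reproduced here.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "openai_api_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
    "password_assignment": re.compile(r"(?i)password\s*[=:]\s*['\"]?[^\s'\"]{6,}"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]+=*"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Assumed skip lists, mirroring the README's "Automatic Skips" section.
SKIP_DIRS = {".git", ".hg", ".svn", "node_modules", "venv", ".venv", "env"}
SKIP_EXTS = {".png", ".jpg", ".gif", ".zip", ".gz", ".exe", ".so", ".pyc"}
MAX_SIZE_BYTES = 5 * 1024 * 1024  # 5 MB, the README's stated default


def is_binary(path: Path, sample: int = 8192) -> bool:
    """Null-byte heuristic: text files essentially never contain NUL."""
    with path.open("rb") as fh:
        return b"\x00" in fh.read(sample)


def redact(secret: str, keep: int = 4) -> str:
    """Keep a short prefix so a finding is recognisable without copying
    the whole credential into a report file that may itself get committed."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return secret[:keep] + "*" * (len(secret) - keep)


def scan_file(path: Path, root: Path, patterns=PATTERNS):
    """Run every pattern over every line; one finding per match."""
    findings = []
    with path.open("r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            for name, rx in patterns.items():
                for m in rx.finditer(line):
                    findings.append({
                        "file": path.relative_to(root).as_posix(),
                        "line": lineno,
                        "pattern": name,
                        "match": redact(m.group(0)),
                    })
    return findings


def scan_directory(root, patterns=PATTERNS, skip_dirs=SKIP_DIRS,
                   skip_exts=SKIP_EXTS, max_size=MAX_SIZE_BYTES):
    """Walk the tree, applying the directory, extension, size and binary skips."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune junk directories in place so os.walk never descends into them.
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for fname in filenames:
            path = Path(dirpath) / fname
            if path.suffix.lower() in skip_exts:
                continue
            if path.stat().st_size > max_size:
                continue
            if is_binary(path):
                continue
            findings.extend(scan_file(path, root, patterns))
    return findings


def demo():
    """Build a constructed sample tree in a temp dir and scan it.
    Every value below is made up for the example; none is a real credential."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config").mkdir()
        (root / "config" / "settings.py").write_text(
            'AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"\n'
            'DB_PASSWORD = "hunter2hunter2"\n'
        )
        # Anything under node_modules is pruned, even if it looks sensitive.
        (root / "node_modules").mkdir()
        (root / "node_modules" / "vendored.js").write_text(
            'const token = "sk-ABCDEFGHIJKLMNOPQRSTUV123456";\n')
        # A file containing a NUL byte is treated as binary and skipped.
        (root / "blob.dat").write_bytes(b"AKIAABCDEFGHIJKLMNOP\x00\x01\x02")
        # Oversized file: a tiny max_size is passed so the size check triggers.
        (root / "big.txt").write_text("AKIAABCDEFGHIJKLMNOP\n" * 50)
        return scan_directory(root, max_size=500)


if __name__ == "__main__":
    for f in demo():
        print(f["file"], f["line"], f["pattern"], f["match"])
```

Running the module reports only the two lines in `config/settings.py`: the vendored file under `node_modules`, the NUL-containing blob and the oversized file are all skipped before any pattern runs, and the reported `match` values are masked. Adding a token type is a matter of adding one entry to `PATTERNS`; the precompiled regexes and the per-line loop mean a new pattern costs one extra `finditer` call per line.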

## Programmatic Usage

Example using the Python API:

    from pathlib import Path
    from secret_scanner import scan_directory

    matches = scan_directory(Path("."), output_path=None)
    for m in matches:
        print(m["file"], m["line"], m["match"])

## Running Tests

    pytest -q

## Contributing

Contributions are welcome.

1. Fork the repository
2. Create a feature branch
3. Add tests for new functionality
4. Open a pull request

## License

This project is licensed under the MIT License. See the LICENSE file for full details.

