Documentation
¶
Overview ¶
Package secrets provides regex-based secret detection in files. This is pure pattern matching — no AI/LLM involved.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var FolderBlacklist = []string{
"node_modules",
".git",
"vendor",
"__pycache__",
".venv",
"dist",
"build",
"bin",
"out",
".env",
}
FolderBlacklist contains directory names that should never be committed.
var NameBlacklist = []string{
".env",
".env.local",
".env.production",
".pem",
".key",
".p12",
".pkcs8",
".keystore",
"credentials.json",
"credentials.yaml",
"secrets.yaml",
"secrets.yml",
"id_rsa",
"id_ecdsa",
"id_ed25519",
"git-courer",
}
NameBlacklist contains file patterns/names that should never be committed.
Functions ¶
func Detect ¶
func Detect(files []string) ([]domain.SecretDetection, error)
Detect checks if files contain secrets using regex patterns.
func DetectInContent ¶ added in v1.4.2
func DetectInContent(content string) []domain.SecretDetection
DetectInContent scans a string (like a git diff) for sensitive patterns.
func ExtractFilename ¶
ExtractFilename extracts just the filename from a full path.
func IsBinary ¶
IsBinary checks if a file is binary by looking at its first 512 bytes. It uses magic bytes detection for common executable formats.
func IsBlacklistedFolder ¶
IsBlacklistedFolder checks if any component of the path is in the folder blacklist. Example: "vendor/foo/bar" → true (vendor is blacklisted) Example: "src/main.go" → false
func IsBlacklistedName ¶
IsBlacklistedName checks if the filename matches the name blacklist.
Types ¶
This section is empty.