secretsscan

package
v1.54.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package secretsscan recognises common API tokens, cloud credentials, and other secret material in arbitrary text.

ContainsSecrets reports whether any rule matches the input; Redact replaces every detected secret span with RedactionMarker while preserving the surrounding text. Both are safe for concurrent use and idempotent.

The ruleset is derived from the MIT-licensed github.com/docker/mcp-gateway/pkg/secretsscan package, which adapted it from github.com/aquasecurity/trivy/pkg/fanal/secret.

Index

Constants

View Source 
const RedactionMarker = "[REDACTED]"

RedactionMarker replaces every detected secret span. Chosen so it doesn't match any rule's keyword pre-filter — see TestRedactionMarkerIsNotASecret for the safety property that makes Redact idempotent.

Variables

This section is empty.

Functions

func ContainsSecrets 

func ContainsSecrets(text string) bool

ContainsSecrets reports whether text matches any detection rule.

func Redact 

func Redact(text string) string

Redact returns a copy of text with every detected secret span replaced by RedactionMarker. When a rule defines a (?P<secret>…) named subgroup, only that span is replaced (so callers still see "AWS_SECRET_ACCESS_KEY=[REDACTED]"); otherwise the whole match is replaced.

Idempotent: RedactionMarker does not match any rule, so calling Redact twice yields the same result.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.