23 comments

[ 3.1 ms ] story [ 63.0 ms ] thread
A similar tool is detect-secrets[1].

[1] https://github.com/Yelp/detect-secrets

(comment deleted)
Nice, i like some of the concepts.
Also similar, Pillager (or Gitleaks) is worth having on the sanity checklist

https://github.com/brittonhayes/pillager

https://terminaltrove.com/pillager/ <-- TerminalTrove is worth regularly checking.

    powerful rules functionality to recursively search directories for sensitive information in files. 

    At it's core, Pillager is designed to assist you in determining if a system is affected by common sources of credential leakage as documented by the MITRE ATT&CK framework.
Good for catching those Oops I deployed the company password list again SNAFU's. reply
I tried scanning one repository (gitlab/gitlab) and it spun for a couple of minutes then failed with "Network Error." No other error details are available.
Sorry about that. Is it a private or large repo? If so, you need to scan it from the CLI.

I am checking if there's any issue right now.

Yes gitlab/gitlab is a large repo.
Just run `npx securelog-scan` locally on the repo. You don't need to install it if you don't want to.
> Is it a private or large repo?

I entered "rtyley/small-test-repo" which is public and small - and also got "Request failed with status code 400. Try again".

Yah, server overload for the web version. Taking a look now. Sorry about that.

You can try again. I just tried it

Trufflehog does good job and GitGuardian is amazing. Whats new with yours?

p.s: i have contributed to those projects in past

We built customized components for RSC and Logs. You should check it out. It's a bit different from what's out there, and this is from the feedback we got from the team we are working with.
Would really love your feedback and you can contribute as well
it would be handy in the age of AI, to be able to dynamically scrub data that gets copied/pasted into the AI.

It's too easy to leak secrets, or even doxx yourself through file paths containing your name etc.

I'd love to find a tool that made scrubbing that data easy

We are working on this for the next release happy to get your feedback on it if it's possible
Great. I implemented my own simple prototype, a python script that edits my clipboard. I used the pyperclip module and a yaml file with a list of key words to substitute. Substitution is necessary rather than removal, so that the AI's responses are still useful.

I got basic functions working but there are some nice-to-have things missing.

E.g. bidirectional info preservation. Ideally if i change /my_full_name/ file path, I want it to be translated to /john_doe/ and when the LLM gives back its response, I want to be able to paste /my_full_name/ back.

Also, preferably it would be highly automated, where I have to manually run my script to edit my clipboard. Also, nice to have it work for non manual cases such as when using aider-chat.

Further down the line, automated redaction of screenshots.

This is great. I am happy to collaborate. If you fill out the contact form on the site, I'll contact you to try it out. Or open an issue.
As a security engineer, I started building this tool but my feedback was so poor that no one cared pasting secrets, personal data into LLM chats.