gitleaks - detecting and mitigating leaked secrets and keys.

gitleaks is a tool written in Go that searches a repository's full history for secrets and keys.
+ Search all commits on all branches in topological order
+ Regex/Entropy checks

Many web- and mobile-based applications interact with external services hosted by providers such as Facebook, Google and Amazon through Web APIs. The application usually authenticates to the service with an API key, or with an API client identifier paired with a secret key.


Since these services are intended to be invoked by server-side components of applications, the keys themselves would ideally lie dormant only in server-side program memory and thus be inaccessible to users of the application. However, many application developers choose to host their application source code publicly on repositories such as GitHub and BitBucket to incorporate contributions from the open-source community. In this scenario, if the developer's keys are embedded within the source code, they can easily be stolen by a malicious user, who can then authenticate as the developer and misuse the services for their own profit.
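The regex/entropy checks listed above can be combined as in the following sketch. It is an added example, not gitleaks' own code: the two rules, the 4.0 bits-per-character threshold and the function names are assumptions chosen for illustration, and the sample lines are constructed from Amazon's documentation placeholder credentials.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strings"
)

// Illustrative rules and threshold (assumptions, not gitleaks' rule set).
var (
	awsKeyID   = regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)
	assignment = regexp.MustCompile(`(?i)(?:key|secret|token)\w*\s*[:=]\s*["']([^"']{16,})["']`)
)

const entropyThreshold = 4.0 // bits per byte

// shannonEntropy returns the Shannon entropy of s in bits per byte.
func shannonEntropy(s string) float64 {
	counts := map[byte]int{}
	for i := 0; i < len(s); i++ {
		counts[s[i]]++
	}
	h := 0.0
	for _, c := range counts {
		p := float64(c) / float64(len(s))
		h -= p * math.Log2(p)
	}
	return h
}

// scanLine returns why a line is flagged, or "" if neither check fires.
func scanLine(line string) string {
	if awsKeyID.MatchString(line) {
		return "regex: AWS access key ID"
	}
	// The entropy check only runs on values assigned to secret-like names,
	// which keeps ordinary long strings from being flagged.
	if m := assignment.FindStringSubmatch(line); m != nil && shannonEntropy(m[1]) >= entropyThreshold {
		return "entropy: high-entropy secret-like value"
	}
	return ""
}

func main() {
	// Constructed sample input; the AWS values are documentation placeholders.
	sample := `aws_id = "AKIAIOSFODNN7EXAMPLE"
api_secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
api_key = "aaaaaaaaaaaaaaaaaaaaaaaa"`
	for i, l := range strings.Split(sample, "\n") {
		fmt.Printf("line %d: %q\n", i+1, scanLine(l))
	}
}
```

The third sample line matches the assignment pattern but has zero entropy, so it is not reported; this is the case where the entropy check reduces false positives that a regex alone would produce.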

+ Golang v1.8 or above

Use and Download: