EnvGuard Secret & Credential Scanner
Scan repos and workspaces for leaked secrets. API keys in code, passwords in configs, tokens in logs. Catches them before they hit git.
Find leaked secrets before they reach production.
Quick Scan
CODEBLOCK0
What It Finds
| Secret Type | Pattern |
|---|
| API Keys | INLINECODE0�, AKIA..., �INLINECODE2 |
| Passwords |
password=,
passwd: |
| Tokens |
token=,
bearer ... |
| Private Keys |
-----BEGIN RSA PRIVATE KEY----- |
| Connection Strings |
mongodb://,
postgres:// |
| Webhook URLs | Discord webhooks, Slack webhooks |
Features
- - Custom patterns — add your own secret patterns
- Allowlisting — mark false positives to skip
- CI integration — exit code 1 for pipeline gates
Output
CODEBLOCK1�
⚠️ Disclaimer
This software is provided "AS IS", without warranty of any kind, express or implied.
USE AT YOUR OWN RISK.
- - The author(s) are NOT liable for any damages, losses, or consequences arising from
the use or misuse of this software — including but not limited to financial loss,
data loss, security breaches, business interruption, or any indirect/consequential damages.
- - This software does NOT constitute financial, legal, trading, or professional advice.
- Users are solely responsible for evaluating whether this software is suitable for
their use case, environment, and risk tolerance.
- - No guarantee is made regarding accuracy, reliability, completeness, or fitness
for any particular purpose.
- - The author(s) are not responsible for how third parties use, modify, or distribute
this software after purchase.
By downloading, installing, or using this software, you acknowledge that you have read
this disclaimer and agree to use the software entirely at your own risk.
DATA DISCLAIMER: This software processes and stores data locally on your system.
The author(s) are not responsible for data loss, corruption, or unauthorized access
resulting from software bugs, system failures, or user error. Always maintain
independent backups of important data. This software does not transmit data externally
unless explicitly configured by the user.
Support & Links
| |
|---|
| 🐛 Bug Reports | TheShadowyRose@proton.me |
| ☕ Ko-fi |
ko-fi.com/theshadowrose |
| 🛒
Gumroad |
shadowyrose.gumroad.com |
| 🐦
Twitter |
@TheShadowyRose |
| 🐙
GitHub |
github.com/TheShadowRose |
| 🧠
PromptBase |
promptbase.com/profile/shadowrose |
Built with OpenClaw — thank you for making this possible.
🛠️
Need something custom? Custom OpenClaw agents & skills starting at $500. If you can describe it, I can build it. →
Hire me on FiverrEnvGuard 密钥与凭证扫描器
扫描代码仓库和工作区中泄露的密钥。代码中的API密钥、配置文件中的密码、日志中的令牌。在它们进入Git之前捕获它们。
在生产环境之前发现泄露的密钥。
快速扫描
bash
node src/env-guard.js scan ./my-project
检测内容
| 密钥类型 | 模式 |
|---|
| API密钥 | sk-...、AKIA...、ghp_... |
| 密码 |
password=、passwd: |
| 令牌 | token=、bearer ... |
| 私钥 | -----BEGIN RSA PRIVATE KEY----- |
| 连接字符串 | mongodb://、postgres:// |
| Webhook URL | Discord webhook、Slack webhook |
功能特性
- - 自定义模式 — 添加你自己的密钥模式
- 白名单 — 标记误报以跳过
- CI集成 — 管道门控返回退出码1
输出结果
🔴 发现密钥 — 3个问题
src/config.js:12
检测到API密钥: sk-proj-...Tm4x (OpenAI)
.env.backup:3
已提交文件中的数据库密码
logs/debug.log:445
明文记录的Bearer令牌
⚠️ 免责声明
本软件按原样提供,不附带任何明示或暗示的担保。
使用风险自负。
- - 作者不对因使用或滥用本软件而产生的任何损害、损失或后果承担责任——包括但不限于财务损失、数据丢失、安全漏洞、业务中断或任何间接/后果性损害。
- 本软件不构成财务、法律、交易或专业建议。
- 用户全权负责评估本软件是否适合其使用场景、环境和风险承受能力。
- 不对准确性、可靠性、完整性或特定用途的适用性做出任何保证。
- 作者不对第三方在购买后如何使用、修改或分发本软件负责。
下载、安装或使用本软件即表示您已阅读本免责声明并同意完全自担风险使用本软件。
数据免责声明: 本软件在您的系统上本地处理和存储数据。作者不对因软件错误、系统故障或用户错误导致的数据丢失、损坏或未经授权访问负责。请始终保留重要数据的独立备份。除非用户明确配置,否则本软件不会将数据外部传输。
支持与链接
| |
|---|
| 🐛 错误报告 | TheShadowyRose@proton.me |
| ☕ Ko-fi |
ko-fi.com/theshadowrose |
| 🛒
Gumroad |
shadowyrose.gumroad.com |
| 🐦
Twitter |
@TheShadowyRose |
| 🐙
GitHub |
github.com/TheShadowRose |
| 🧠
PromptBase |
promptbase.com/profile/shadowrose |
基于 OpenClaw 构建 — 感谢您让这一切成为可能。
🛠️
需要定制功能? 自定义OpenClaw代理和技能,起价500美元。只要您能描述,我就能构建。→
在Fiverr上雇佣我
