Stop secrets before they leak.

Enterprise-grade secret detection for your codebase. Scan for API keys, tokens, credentials, and sensitive data before they reach your repository.

$ pip install codesanitize-pro

Built for real-world security

35+ Built-in Detectors

AWS, GitHub, Stripe, OpenAI, Slack, Azure, GCP, and many more. Covers every major cloud provider and service.

Entropy-based Detection

Catch high-entropy strings that look like secrets even when they don't match a known pattern. No secret slips through.
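How entropy-based detection works in principle, as an added example; this is not codesanitize's own code. The token pattern, the 20-character minimum, and the per-charset thresholds are assumptions chosen for the sketch, and the sample lines are constructed.

```python
import math
import re
from collections import Counter

# Assumed tuning values for this sketch, not codesanitize's defaults.
MIN_LENGTH = 20
THRESHOLDS = {"hex": 3.0, "base64": 4.5}  # bits per character

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{%d,}" % MIN_LENGTH)


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_line(line):
    """Return (token, charset, entropy) for each candidate at or above its threshold."""
    findings = []
    for token in TOKEN_RE.findall(line):
        # Hex strings top out at 4 bits/char, so they need a lower threshold.
        charset = "hex" if HEX_RE.match(token) else "base64"
        h = shannon_entropy(token)
        if h >= THRESHOLDS[charset]:
            findings.append((token, charset, round(h, 2)))
    return findings


def scan(lines):
    """Map 1-based line number to the findings on that line."""
    results = {}
    for lineno, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            results[lineno] = hits
    return results


# Constructed sample input; the token values are made up for this example.
SAMPLE = [
    'api_token = "q7Xf2LmZ9vRt4KpW8sYc1NbH6dGj3Qe5"',
    'digest = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b"',
    'padding = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"',
    'path = "src/components/authentication/login_form_helpers"',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE).items():
        print(lineno, hits)
```

The random-looking token on line 1 and the hex digest on line 2 are both flagged, while the repeated-character string and the long file path are not. The digest is not a secret, which is the kind of false positive that thresholds and a baseline exist to manage.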

Live Verification

Optionally verify if detected secrets are actually active and valid. Reduce false positives, focus on real threats.

CI/CD Ready

GitHub Actions, GitLab CI, pre-commit hooks. Generate configs with a single command. Block merges with leaked secrets.

Multiple Output Formats

Console, JSON, SARIF, HTML, CSV. Integrate with GitHub Code Scanning, feed into dashboards, or export for audits.

Baseline Support

Track known findings and only alert on new ones. Perfect for large codebases with historical secrets being remediated.

Comprehensive detection coverage

35+ detectors across every category that matters

AWS Access Key, AWS Secret Key, GitHub Token, GitLab Token, Stripe API Key, OpenAI API Key, Anthropic API Key, Slack Token, Discord Webhook, MongoDB URI, PostgreSQL URI, Redis URI, JWT Token, Private Keys, Azure Storage, GCP Service Account, Heroku API Key, Cloudflare Token, NPM Token, PyPI Token, Twilio, SendGrid, HuggingFace Token, High Entropy Strings

Simple, powerful CLI

# Scan your project
$ codesanitize scan

# Scan staged files before commit
$ codesanitize scan --staged

# Verify secrets are actually active
$ codesanitize scan --verify

# Generate SARIF for GitHub Code Scanning
$ codesanitize scan --format sarif -o results.sarif

# Install pre-commit hook
$ codesanitize install-hook

Protect your secrets today

Open source. MIT licensed. Install in seconds.
