captainhook/secrets

Utility classes to detect secrets

Package info

github.com/captainhook-git/secrets

pkg:composer/captainhook/secrets

Fund package maintenance!

sebastianfeldmann

Statistics

Installs: 4 387 896

Dependents: 2

Suggesters: 0

Stars: 11

Open Issues: 0

0.9.7 2025-04-08 07:10 UTC

Requires

Requires (Dev)

None

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT d62c97f75f81ac98e22f1c282482bd35fa82f631

  • Sebastian Feldmann <sf.woop@sebastian-feldmann.info>

passwordssecretskeystokenscommit-msgprepare-commit-msgpost-merge

This package is auto-updated.

Last update: 2026-06-08 09:57:40 UTC

README

👁 Latest Stable Version
👁 Minimum PHP Version
👁 Downloads
👁 License
👁 Build Status
👁 Twitter

This package is used to detect passwords in your code. Mainly to prevent you from committing them to your version control.

You can use the regular expressions provided by the classes under Regex\Supplier or make use of the included Detector class. You can easily create your own Supplier classes or open a pull-request if you think it would be useful to others.

Here are some usage examples:

Using Suppliers

$result = Detector::create()
 ->useSuppliers(
 Aws::class,
 Google::class,
 GitHub::class
 )->detectIn($myString)

if ($result->wasSecretDetected()) {
 echo "secret detected: " . implode('', $result->matches());
}

Using your custom regex

$result = Detector::create()
 ->useRegex('#password = "\\S"#i')
 ->detectIn($myString)

if ($result->wasSecretDetected()) {
 echo "secret detected: " . implode('', $result->matches());
}

The Detector also supports a white list

$result = Detector::create()
 ->useRegex('#password = "\\S"#i')
 ->allow('#root#')
 ->detectIn($myString)

if ($result->wasSecretDetected()) {
 echo "secret detected: " . implode('', $result->matches());
}