secretlint: Pluggable linting tool to prevent committing credential


Secretlint is that Pluggable linting tool to prevent committing credentials.


  • Scanner: Found credentials in a project and report these
  • Project Friendly: Easy to set up your project and integrate CI services
  • Pre-Commit Hook: Prevent committing credential files
  • Pluggable: Allow creating custom rule and flexible configuration
  • Documentation: Describe the reason that rule detect it as secret

Use Cases

Hide secrets in lint error message

Secretlint support --maskSecrets option that mask secrets in lint error message. It is useful that you want to hide secrets in CI logs.

$ secretlint --maskSecrets "**/*"

Fix secrets

Secretlint can not fix the secrets automatically. However, It is useful that --format=mask-result mask the secrets of input file.

For example, you can mask the secrets of .zsh_history file and overwrite it.

$ secretlint .zsh_history --format=mask-result --output=.zsh_history


Secretlint WebExtension works on your browser.

This web extension aim to founds credentials that are included in your request/response.

Secretlint WebExtension integrates to DevTools in Chrome/Firefox. This extension helps web developers to notice exposed credentials.

Rule Packages

Secretlint rules has been implemented as separated modules.

Also, Secretlint provide rule preset that includes recommened rule set.

Install & Use

Copyright (c) 2020 azu