Automic VaultAutomic Vault

brew

Install detect-secrets with Homebrew, Nix

Enterprise friendly way of detecting and preventing secrets in code. Version 1.5.0 via Homebrew; verified 2026-05-20.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install detect-secrets

local Homebrew formula metadata

overview

Package summary

Enterprise friendly way of detecting and preventing secrets in code

Commands and aliases

  • detect-secrets
  • detect-secrets-hook

history

Project history and usage

detect-secrets is Yelp's open-source command-line scanner for finding secrets in code and, more importantly, preventing newly introduced secrets from entering a repository. Its README describes the baseline workflow as a way to accept existing findings while blocking new ones.

Project history

The GitHub repository was created in December 2017, and the README presents the tool as enterprise-friendly secret detection. Its changelog shows continued 1.x releases through 2024, including new detectors for GitLab, Telegram, PyPI, OpenAI, and IP addresses, plus support for newer Python versions.

Adoption history

detect-secrets was designed for large repositories where immediately removing every old secret-like value may be impractical. The baseline model helped it fit pre-commit hooks and CI workflows: teams generate .secrets.baseline, audit it, and then use detect-secrets-hook or scans to catch new findings.

How it is used

The standard package-manager workflow is to install the CLI, run detect-secrets scan into .secrets.baseline, and wire detect-secrets-hook into staged-file or tracked-file checks. The README also documents auditing the baseline and tuning detectors and filters for local policy.

Why package nerds care

Package nerds care about detect-secrets because it is a practical DevSecOps CLI with a persistent config artifact rather than a one-shot grep-like scanner. It sits alongside pre-commit, GitHub secret scanning, trufflehog-style tools, and policy-driven CI checks.

Timeline

  • 2017: GitHub repository created for Yelp/detect-secrets.
  • 2020: 0.14.x releases continued the pre-1.0 series.
  • 2022: 1.2.0 added CI and release-pipeline work plus new token detectors.
  • 2024: 1.5.0 added OS-agnostic baseline support and more modern token detectors.

Related projects

  • The project is commonly used with pre-commit-style hooks, CI pipelines, and other secret-scanning tools that enforce repository hygiene.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for detect-secrets. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 3 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.secrets.baseline

executables

Installed executables

CommandKindExposureNote
detect-secretscliglobal executable
detect-secrets-hookcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.5.0
manager updated2026-05-20
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/Yelp/detect-secrets

install metadata

Package metadata

Package keybrew:detect-secrets
Version1.5.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/detect-secrets
Homepagehttps://github.com/Yelp/detect-secrets
Repositoryhttps://github.com/Yelp/detect-secrets
Upstream docshttps://github.com/Yelp/detect-secrets#readme
LicenseApache-2.0
Source archivehttps://files.pythonhosted.org/packages/69/67/382a863fff94eae5a0cf05542179169a1c49a4c8784a9480621e2066ca7d/detect_secrets-1.5.0.tar.gz
Last updated2026-05-20T12:50:03Z
Pulseupdated
Dependenciescertifi, libyaml, python@3.14
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namedetect-secrets
Version Scheme0
Revision9
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

detect-secrets

nix profile install nixpkgs#detect-secrets
  • normalized package name match
  • Matched by: Detect Secrets
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: detect-secrets from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment