macOS
brew install detect-secretslocal Homebrew formula metadata
brew
Enterprise friendly way of detecting and preventing secrets in code. Version 1.5.0 via Homebrew; verified 2026-05-20.
install
brew install detect-secretslocal Homebrew formula metadata
nix profile install nixpkgs#detect-secretsnixpkgs package indexes · detect-secrets · source: raw.githubusercontent.com
overview
Enterprise friendly way of detecting and preventing secrets in code
history
detect-secrets is Yelp's open-source command-line scanner for finding secrets in code and, more importantly, preventing newly introduced secrets from entering a repository. Its README describes the baseline workflow as a way to accept existing findings while blocking new ones.
The GitHub repository was created in December 2017, and the README presents the tool as enterprise-friendly secret detection. Its changelog shows continued 1.x releases through 2024, including new detectors for GitLab, Telegram, PyPI, OpenAI, and IP addresses, plus support for newer Python versions.
detect-secrets was designed for large repositories where immediately removing every old secret-like value may be impractical. The baseline model helped it fit pre-commit hooks and CI workflows: teams generate .secrets.baseline, audit it, and then use detect-secrets-hook or scans to catch new findings.
The standard package-manager workflow is to install the CLI, run detect-secrets scan into .secrets.baseline, and wire detect-secrets-hook into staged-file or tracked-file checks. The README also documents auditing the baseline and tuning detectors and filters for local policy.
Package nerds care about detect-secrets because it is a practical DevSecOps CLI with a persistent config artifact rather than a one-shot grep-like scanner. It sits alongside pre-commit, GitHub secret scanning, trufflehog-style tools, and policy-driven CI checks.
security posture
No matching local secret-handling manifest was found for detect-secrets. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
.secrets.baselineexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
detect-secrets | cli | global executable | |
detect-secrets-hook | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/Yelp/detect-secrets
install metadata
| Package key | brew:detect-secrets |
|---|---|
| Version | 1.5.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/detect-secrets |
| Homepage | https://github.com/Yelp/detect-secrets |
| Repository | https://github.com/Yelp/detect-secrets |
| Upstream docs | https://github.com/Yelp/detect-secrets#readme |
| License | Apache-2.0 |
| Source archive | https://files.pythonhosted.org/packages/69/67/382a863fff94eae5a0cf05542179169a1c49a4c8784a9480621e2066ca7d/detect_secrets-1.5.0.tar.gz |
| Last updated | 2026-05-20T12:50:03Z |
| Pulse | updated |
| Dependencies | certifi, libyaml, python@3.14 |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | detect-secrets |
| Version Scheme | 0 |
| Revision | 9 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
detect-secrets
nix profile install nixpkgs#detect-secretssource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.