Back to components

CLI

Hmsl - CLI Content
Copy Component

# You can also do all of the above in one single command.

$ ggshield hmsl check secrets.txt

Collecting secrets...

Collected 3 secrets.

Querying HasMySecretLeaked...

97 credits left for today.

Found 2 leaked secrets.

> Secret 1

Secret name: "hjshnk5**************************89sjkja"

Secret hash: "e9b39209f72228f30b60c19493a3f756ac97dc02ae7f52db2a3abbe3c3269339"

Distinct locations: 96

First occurrence:

    URL: "https://github.com/ChrisJStone/gitflow-cjs/commit/1c9b5b4286361ee88d64305e5a0080f03570cc5e#diff-02557643ffc95ebd4d6d5a96c612319db32179d87b36cb1f78d2f4305c80b994R10" 

> Secret 2

Secret name: "sup3*************orGG"

Secret hash: "d775db0302080c1b7516109e929dd4b214a0f353ed3b66ff2e56c47d55a102ed"

Distinct locations: 33

First occurrence:

    URL: "https://github.com/akansha-nec/Sample2/commit/b06ae6b5e0869657faff9aef37fe2a1afc39370f#diff-9d6176320759464781692ac6ec7d84d987716bad52218e13ac3219c6004e630fR4"

HMSL - CLI Tabs
Copy Component

Audit Every Secret You Own
Right From Your Terminal

# Here, secrets.txt is a text file containing a list of 3 secrets values.

$ ggshield hmsl check secrets.txt

Collecting secrets...

Collected 3 secrets.

Querying HasMySecretLeaked...

97 credits left for today.

Found 2 leaked secrets.

> Secret 1

Secret name: "ggt***********kbf"

Secret hash: "e9b39209f72228f30b60c19493a3f756ac97dc02ae7f52db2a3abbe3c3269339"

Distinct locations: 1

First occurrence:

    URL: "https://github.com/GitGuardian/ggshield/commit/394b160c36f42aee3b0d4b84ed70eb58e646046f

> Secret 2

Secret name: "ggt***********jfa"

Secret hash: "d775db0302080c1b7516109e929dd4b214a0f353ed3b66ff2e56c47d55a102ed"

Distinct locations: 1

First occurrence:

    URL: "https://github.com/GitGuardian/ggshield/commit/ada1b96da53c23f1dfe956fff902c33ff55afd15"

# Here, secrets.txt is a text file containing a list of 3 secrets values.

$ ggshield hmsl fingerprint secrets.txt

payload.txt and mapping.txt files have been written.

Prepared 3 secrets.

# Here, payload.txt is a text file containing a five-character long prefix of each hashed value of the secrets initially provided in secrets.txt (see previous command). Only this file is shared with GitGuardian.

$ ggshield hmsl query payload.txt > results.dump

97 credits left for today.

Audited 3 secrets in total for leaks.

# Here, results.dump is the file returned by GitGuardian and contains potential matches of the audited secrets (see previous command). All the content of results.dump is encrypted and can only be decrypted locally in the user’s environment. 

$ ggshield hmsl decrypt results.dump

Found 2 leaked secrets.

> Secret 1

Secret name: "ggt***********kbf"

Secret hash: "e9b39209f72228f30b60c19493a3f756ac97dc02ae7f52db2a3abbe3c3269339"

Distinct locations: 1

First occurrence:

    URL: "https://github.com/GitGuardian/ggshield/commit/ada1b96da53c23f1dfe956fff902c33ff55afd15"

> Secret 2

Secret name: "ggt***********jfa"

Secret hash: "d775db0302080c1b7516109e929dd4b214a0f353ed3b66ff2e56c47d55a102ed"

Distinct locations: 1

First occurrence:

    URL: "https://github.com/GitGuardian/ggshield/commit/42f8f8a16deb779fbf7e67332f24ad32f3572459"

PERSONA Page __GG Shield CLI Demo
Copy Component

$ ❯ git commit -m "feature(orders): Add order queue management"
GitGuardian Shield (pre commit)..........................................Failed
- hook id: ggshield
- exit code: 1

secrets-engine-version: 2.51.0

🛡️  ⚔️  🛡️  1 incident has been found in file orders.py

>>> Incident 1(Secrets detection): AWS API key (Ignore with SHA: 2eab1e1e97dc27060c45fae8c96507cb9b8f1fa0821af4326da9cda3bda546f9) (1 occurrence)
8  8 | import log…
9  9 | …
10    | …aws_key = "xoxb-18**********-*****************4i99vs5"
                   |_________________apikey_________________|
  10 | test_…
11 11 | …