CLI
# You can also do all of the above in one single command.
$ ggshield hmsl check secrets.txt
Collecting secrets...
Collected 3 secrets.
Querying HasMySecretLeaked...
97 credits left for today.
Found 2 leaked secrets.
> Secret 1
Secret name: "hjshnk5**************************89sjkja"
Secret hash: "e9b39209f72228f30b60c19493a3f756ac97dc02ae7f52db2a3abbe3c3269339"
Distinct locations: 96
First occurrence:
URL: "https://github.com/ChrisJStone/gitflow-cjs/commit/1c9b5b4286361ee88d64305e5a0080f03570cc5e#diff-02557643ffc95ebd4d6d5a96c612319db32179d87b36cb1f78d2f4305c80b994R10"
> Secret 2
Secret name: "sup3*************orGG"
Secret hash: "d775db0302080c1b7516109e929dd4b214a0f353ed3b66ff2e56c47d55a102ed"
Distinct locations: 33
First occurrence:
URL: "https://github.com/akansha-nec/Sample2/commit/b06ae6b5e0869657faff9aef37fe2a1afc39370f#diff-9d6176320759464781692ac6ec7d84d987716bad52218e13ac3219c6004e630fR4"
Audit Every Secret You Own
Right From Your Terminal
# Here, secrets.txt is a text file containing a list of 3 secrets values.
$ ggshield hmsl check secrets.txt
Collecting secrets...
Collected 3 secrets.
Querying HasMySecretLeaked...
97 credits left for today.
Found 2 leaked secrets.
> Secret 1
Secret name: "ggt***********kbf"
Secret hash: "e9b39209f72228f30b60c19493a3f756ac97dc02ae7f52db2a3abbe3c3269339"
Distinct locations: 1
First occurrence:
URL: "https://github.com/GitGuardian/ggshield/commit/394b160c36f42aee3b0d4b84ed70eb58e646046f"
> Secret 2
Secret name: "ggt***********jfa"
Secret hash: "d775db0302080c1b7516109e929dd4b214a0f353ed3b66ff2e56c47d55a102ed"
Distinct locations: 1
First occurrence:
URL: "https://github.com/GitGuardian/ggshield/commit/ada1b96da53c23f1dfe956fff902c33ff55afd15"
# Here, secrets.txt is a text file containing a list of 3 secrets values.
$ ggshield hmsl fingerprint secrets.txt
payload.txt and mapping.txt files have been written.
Prepared 3 secrets.
# Here, payload.txt is a text file containing a five-character long prefix of each hashed value of the secrets initially provided in secrets.txt (see previous command). Only this file is shared with GitGuardian.
$ ggshield hmsl query payload.txt > results.dump
97 credits left for today.
Audited 3 secrets in total for leaks.
# Here, results.dump is the file returned by GitGuardian and contains potential matches of the audited secrets (see previous command). All the content of results.dump is encrypted and can only be decrypted locally in the user’s environment.
$ ggshield hmsl decrypt results.dump
Found 2 leaked secrets.
> Secret 1
Secret name: "ggt***********kbf"
Secret hash: "e9b39209f72228f30b60c19493a3f756ac97dc02ae7f52db2a3abbe3c3269339"
Distinct locations: 1
First occurrence:
URL: "https://github.com/GitGuardian/ggshield/commit/ada1b96da53c23f1dfe956fff902c33ff55afd15"
> Secret 2
Secret name: "ggt***********jfa"
Secret hash: "d775db0302080c1b7516109e929dd4b214a0f353ed3b66ff2e56c47d55a102ed"
Distinct locations: 1
First occurrence:
URL: "https://github.com/GitGuardian/ggshield/commit/42f8f8a16deb779fbf7e67332f24ad32f3572459"
$ ❯ git commit -m "feature(orders): Add order queue management"
GitGuardian Shield (pre commit)..........................................Failed
- hook id: ggshield
- exit code: 1
secrets-engine-version: 2.51.0
🛡️ ⚔️ 🛡️ 1 incident has been found in file orders.py
>>> Incident 1(Secrets detection): AWS API key (Ignore with SHA: 2eab1e1e97dc27060c45fae8c96507cb9b8f1fa0821af4326da9cda3bda546f9) (1 occurrence)
8 8 | import log…
9 9 | …
10 | …aws_key = "xoxb-18**********-*****************4i99vs5"…
|_________________apikey_________________|
10 | test_…
11 11 | …