Check Secrets
check_secretsScan source code for hardcoded secrets — cloud provider keys, API tokens, connection strings, private keys, and passwords — before they are committed. Supports Python, JavaScript, Java, Go, and more.
Instructions
Scan source code (or snippet) for hardcoded secrets — cloud provider keys, API tokens, connection strings, private keys, passwords. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect leaked credentials before commit; for injection detection use check_injection. Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored. The generic password-assignment rule is suppressed when a more-specific credential rule fires on the same line — one targeted finding per leaked secret, not two.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | Source code string to scan for secrets (can be a single file or code snippet) | |
| language | No | Programming language of the code. Must be one of: python, javascript, typescript, java, go, ruby, shell, bash, generic. Use 'generic' if unsure. | generic |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |