Match the project to your task before installing it.
Customer Communication & Team Operations · Preview
detect-secrets
An enterprise friendly way of detecting and preventing secrets in code.
Best fitUsers who want source-backed project understanding before installing it.
Check whether this project matches your task before installing it.
What it can doskill, recipe, host_instruction, eval, preflightReview the portable capability path.
Before continuingVerify in a sandboxDo not treat a preview pack as a proven local install.
GitHub snapshot4.6k stars552 forks · 89 contributors
Doramagic.ai Last verification date: 2026-06-20 Verification method: source evidence, semantic profile, public page gate, and static build acceptance.
Preview status · 2026-06-20
What is detect-secrets?
- An enterprise friendly way of detecting and preventing secrets in code.
- Best fit: Users who want source-backed project understanding before installing it.
- Not for: Not for users who want to skip sandbox verification or cannot accept configuration, permission, or maintenance overhead.
- Capability added to an AI workflow: skill, recipe, host_instruction, eval, preflight
- First safe verification step: Verify the smallest path in an isolated environment and keep a rollback path.
- Verification state: source, Quick Start, and sandbox install checks are recorded as passed.
- Top risk: May increase setup, validation, or first-run risk for the user.
- Evidence base: https://github.com/Yelp/detect-secrets, https://github.com/Yelp/detect-secrets#readme, Human Manual, Pitfall Log
01
Quick decision
Use this section to decide whether the project is worth a deeper read.An enterprise friendly way of detecting and preventing secrets in code.
4.6k stars · 552 forks
02
What it can do
Translate the upstream project into concrete capabilities the user can judge before installing.Project Overview and System Architecture
Related topics: Plugins: Secret Detection Rules, Filters and Configuration Tuning, Workflows, CI Integration, and Operational Concerns
Source: https://github.com/Yelp/detect-secrets / Human Manual
Plugins: Secret Detection Rules
Related topics: Project Overview and System Architecture, Filters and Configuration Tuning
Source: https://github.com/Yelp/detect-secrets / Human Manual
Filters and Configuration Tuning
Related topics: Plugins: Secret Detection Rules, Workflows, CI Integration, and Operational Concerns
Source: https://github.com/Yelp/detect-secrets / Human Manual
Workflows, CI Integration, and Operational Concerns
Related topics: Project Overview and System Architecture, Plugins: Secret Detection Rules, Filters and Configuration Tuning
Source: https://github.com/Yelp/detect-secrets / Human Manual
Doramagic Pitfall Log
Source-linked risks stay visible on the manual page so the preview does not read like a recommendation.
Source: Doramagic discovery, validation, and Project Pack records
Sources: https://github.com/Yelp/detect-secrets, Human Manual, Project Pack evidence, and downstream validation signals.
03
Community Discussion Evidence
Project-level external discussion stays visible on the detail page, not only inside the manual.Community Discussion Evidence
11 source-linked itemsReview these external discussions before using detect-secrets with real data or production workflows. They are review inputs, not standalone proof that the project is production-ready.
-
01
detect-secrets not identifying all Github token occurrences in a file
github / github_issue
-
02
py.typed is in the published wheel but missing from the sdist — source i
github / github_issue
-
03
Extend keyword false positives for yaml/helm template syntax
github / github_issue
-
04
GitHubTokenDetector misses new GitHub App installation token format (ghs
github / github_issue
-
05
Still alive?
github / github_issue
-
06
v1.5.0
github / github_release
-
07
v1.4.0
github / github_release
-
08
v1.3.0
github / github_release
-
09
v1.2.0
github / github_release
-
10
v1.1.0
github / github_release
-
11
Security or permission risk requires verification
GitHub / issue
04
How to start
Only source-backed commands are shown here. Verify them in an isolated environment first.Try the prompt first
Test the workflow without installing the upstream project.
previewRead the Human Manual
Understand inputs, outputs, limits, and failure modes.
manualTake context to your AI host
Use the compiled assets in your preferred AI environment.
contextRun sandbox verification
Confirm install commands and rollback before using a primary environment.
verifypip install detect-secretsOfficial start command · https://github.com/Yelp/detect-secrets#readme · verified: yes
05
Human Manual
The English page must expose the real manual, not a short placeholder.8+ sections · Human Manual
detect-secrets Manual
An enterprise friendly way of detecting and preventing secrets in code.
Open the full manual- https://github.com/Yelp/detect-secrets Project Manual
- Table of Contents
- Project Overview and System Architecture
- Related Pages
- Purpose and Design Philosophy
- System Architecture
- Core Data Model
- Plugin Discovery and Matching
Project Overview and System Architecture
Related topics: Plugins: Secret Detection Rules, Filters and Configuration Tuning, Workflows, CI Integration, and Operational Concerns
Source: https://github.com/Yelp/detect-secrets / Human Manual
Plugins: Secret Detection Rules
Related topics: Project Overview and System Architecture, Filters and Configuration Tuning
Source: https://github.com/Yelp/detect-secrets / Human Manual
Filters and Configuration Tuning
Related topics: Plugins: Secret Detection Rules, Workflows, CI Integration, and Operational Concerns
Source: https://github.com/Yelp/detect-secrets / Human Manual
Workflows, CI Integration, and Operational Concerns
Related topics: Project Overview and System Architecture, Plugins: Secret Detection Rules, Filters and Configuration Tuning
Source: https://github.com/Yelp/detect-secrets / Human Manual
Doramagic Pitfall Log
Source-linked risks stay visible on the manual page so the preview does not read like a recommendation.
Source: Doramagic discovery, validation, and Project Pack records
06
AI Context Pack and portable assets
After deciding to continue, take the project context into your own AI host.Complete pack plus user-owned assets
These files are planning and verification assets for Claude Code, Codex, Gemini, Cursor, ChatGPT, and other AI hosts.
07
Preflight checks
Treat this page as a planning asset, not proof that your local environment is ready.- The manual is generated from source-linked project files and Doramagic validation signals.
- Community evidence warnings stay visible instead of being converted into marketing claims.
- This preview remains noindex and excluded from sitemap/llms citation targets until English quality and index gates pass.
- Use the upstream repository as the final authority for installation commands, license, and version-specific behavior.
08
Pitfall Log and verification risks
Doramagic surfaces high-risk items before users treat a candidate capability as verified.Installation risk requires verification
May increase setup, validation, or first-run risk for the user.
Security or permission risk requires verification
May increase setup, validation, or first-run risk for the user.
Security or permission risk requires verification
May increase setup, validation, or first-run risk for the user.
Installation risk requires verification
May increase setup, validation, or first-run risk for the user.
Capability evidence risk requires verification
May increase setup, validation, or first-run risk for the user.
Maintenance risk requires verification
May increase setup, validation, or first-run risk for the user.
Security or permission risk requires verification
May increase setup, validation, or first-run risk for the user.
Security or permission risk requires verification
May increase setup, validation, or first-run risk for the user.