Add environment variable credential detection (#19)
author Max Wolf <redacted>
Mon, 12 Jan 2026 15:02:29 +0000 (16:02 +0100)
committer GitHub <redacted>
Mon, 12 Jan 2026 15:02:29 +0000 (16:02 +0100)
commit a1d0db797a7feb1c70e2b181f0a26762ab196fc5
tree 3104430441e770b6fdecb46db5fa318e95f961a1
parent 1c206687bc3ed193008b1493c87a7690a7901e35
Add environment variable credential detection (#19)

* Add PatternDetector and DetectionResult interfaces for secrets detection registry

* Move pattern detection utility to new patterns/utils.ts module

* Refactor secrets detection using a registry system

- Create privateKeysDetector, apiKeysDetector, tokensDetector modules
- Refactor detectSecrets() to use the pattern registry
- Re-export types from detect.ts for backwards compatibility

* Change default secrets_detection action to redaction

Hint: The example config still shows `action: block` explicitly, with a comment noting
that `redact` is the default action if not specified

* Implement new pattern detector and add corresponding SecretEntityType options

* Register new detector and extend test suite accordingly

* Add new entity types to config.ts

* Update docs and example config

* Add environment variables section to secrets detection docs

---------

Co-authored-by: Stefan Gasser <redacted>
12 files changed:
README.md
config.example.yaml
docs/concepts/secrets-detection.mdx
docs/configuration/secrets-detection.mdx
docs/introduction.mdx
src/config.ts
src/secrets/detect.test.ts
src/secrets/detect.ts
src/secrets/patterns/env-vars.ts [new file with mode: 0644]
src/secrets/patterns/index.ts
src/secrets/patterns/types.ts
src/secrets/patterns/utils.ts