Show HN: I built a tool that helps people scan and clean any repo for secrets (securelog.com)
nonamepcbrand1 257 days ago [-]
Trufflehog does a good job and GitGuardian is amazing. What's new with yours?

P.S.: I have contributed to those projects in the past.

lexokoh 257 days ago [-]
We built customized components for RSC and Logs. You should check it out. It's a bit different from what's out there, and this is from the feedback we got from the team we are working with.
lexokoh 257 days ago [-]
Would really love your feedback and you can contribute as well
nonamepcbrand1 257 days ago [-]
Sounds good! will take a look soon :)
mvdtnz 257 days ago [-]
I tried scanning one repository (gitlab/gitlab) and it spun for a couple of minutes then failed with "Network Error." No other error details are available.
lexokoh 257 days ago [-]
Sorry about that. Is it a private or large repo? If so, you need to scan it from the CLI.

I am checking if there's any issue right now.

thih9 257 days ago [-]
> Is it a private or large repo?

I entered "rtyley/small-test-repo" which is public and small - and also got "Request failed with status code 400. Try again".

lexokoh 257 days ago [-]
Yah, server overload for the web version. Taking a look now. Sorry about that.

You can try again. I just tried it.

mvdtnz 257 days ago [-]
Yes gitlab/gitlab is a large repo.
lexokoh 257 days ago [-]
Just run `npx securelog-scan` locally on the repo. You don't need to install it if you don't want to.
trees101 257 days ago [-]
It would be handy, in the age of AI, to be able to dynamically scrub data that gets copied/pasted into the AI.

It's too easy to leak secrets, or even doxx yourself through file paths containing your name etc.

I'd love to find a tool that made scrubbing that data easy.

richbell 257 days ago [-]
This is sort-of describing https://docs.private-ai.com/webdemo/
trees101 257 days ago [-]
thanks, that is close!
nonamepcbrand1 257 days ago [-]
As a security engineer, I started building this tool, but the feedback was so poor that no one cared about pasting secrets and personal data into LLM chats.
lexokoh 257 days ago [-]
We are working on this for the next release; happy to get your feedback on it if possible.
trees101 257 days ago [-]
Great. I implemented my own simple prototype: a Python script that edits my clipboard. I used the pyperclip module and a YAML file with a list of keywords to substitute. Substitution is necessary rather than removal, so that the AI's responses are still useful.

I got basic functions working but there are some nice-to-have things missing.

E.g. bidirectional info preservation. Ideally, if I change the /my_full_name/ file path, I want it to be translated to /john_doe/, and when the LLM gives back its response, I want to be able to paste /my_full_name/ back.

Also, preferably it would be highly automated, whereas currently I have to manually run my script to edit my clipboard. It would also be nice to have it work for non-manual cases such as when using aider-chat.

Further down the line, automated redaction of screenshots.

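The bidirectional substitution described in the comment above, as an added example (this is not trees101's prototype, nor code from securelog, pyperclip or any other project). The substitution table is a constructed stand-in for the YAML keyword file; the pattern rules, placeholder format and the sample text are assumptions made for the example. The AWS access key in the sample is AWS's documented example ID, not a real credential.

```python
import re
from typing import Dict, Pattern

# Constructed stand-in for the YAML keyword file the comment describes:
# real value -> stable replacement that keeps the text meaningful to the model.
SUBSTITUTIONS: Dict[str, str] = {
    "Jane Qureshi": "John Doe",
    "jane_qureshi": "john_doe",
    "acme-internal.example": "example.com",
}

# Pattern rules for values you cannot enumerate ahead of time. Each distinct match
# gets a numbered placeholder that is remembered so it can be swapped back later.
# The AKIA + 16 chars shape is AWS's documented access key ID format; the e-mail
# regex is a deliberately loose assumption for this example.
PATTERNS: Dict[str, Pattern[str]] = {
    "AWS_KEY": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


class Scrubber:
    """Two-way redaction: scrub() before pasting into an LLM, restore() on its reply."""

    def __init__(self, substitutions: Dict[str, str]) -> None:
        # Longest keys first so "Jane Qureshi" is replaced before a shorter key could
        # split it; str.replace is literal and case-sensitive, so list each spelling.
        self.fixed = dict(sorted(substitutions.items(), key=lambda kv: -len(kv[0])))
        self.fixed_rev = {fake: real for real, fake in self.fixed.items()}
        self.dynamic: Dict[str, str] = {}      # real value -> placeholder
        self.dynamic_rev: Dict[str, str] = {}  # placeholder -> real value
        self.counters: Dict[str, int] = {}

    def _placeholder(self, label: str, real: str) -> str:
        # Same real value always maps to the same placeholder within a session.
        if real not in self.dynamic:
            self.counters[label] = self.counters.get(label, 0) + 1
            fake = f"<{label}_{self.counters[label]}>"
            self.dynamic[real] = fake
            self.dynamic_rev[fake] = real
        return self.dynamic[real]

    def scrub(self, text: str) -> str:
        # Patterns run first, on the untouched text, so an address such as
        # jane_qureshi@acme-internal.example is captured whole rather than half-rewritten
        # by the fixed substitutions that follow.
        for label, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, label=label: self._placeholder(label, m.group(0)), text)
        for real, fake in self.fixed.items():
            text = text.replace(real, fake)
        return text

    def restore(self, text: str) -> str:
        # Mirror image of scrub(): undo the fixed substitutions, then the placeholders.
        for fake, real in self.fixed_rev.items():
            text = text.replace(fake, real)
        for fake, real in self.dynamic_rev.items():
            text = text.replace(fake, real)
        return text


def scrub_clipboard(scrubber: Scrubber) -> str:
    """Rewrite the clipboard in place, the way the comment's pyperclip prototype does.
    pyperclip is imported lazily so the rest of this file runs without it installed."""
    import pyperclip  # pip install pyperclip
    cleaned = scrubber.scrub(pyperclip.paste())
    pyperclip.copy(cleaned)
    return cleaned


# Constructed input: a path carrying a real name, a key, and an address.
SAMPLE = (
    "Traceback in /Users/jane_qureshi/projects/app.py\n"
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    "contact: jane_qureshi@acme-internal.example\n"
)


def demo() -> Dict[str, str]:
    s = Scrubber(SUBSTITUTIONS)
    scrubbed = s.scrub(SAMPLE)
    # Constructed stand-in for the model's reply, which echoes the placeholders back.
    reply = "Rotate <AWS_KEY_1> referenced from /Users/john_doe/projects/app.py and tell <EMAIL_1>."
    return {
        "scrubbed": scrubbed,
        "restored_reply": s.restore(reply),
        "roundtrip": s.restore(scrubbed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"--- {name}\n{value}")
```

The Scrubber has to stay alive for the whole conversation, since the placeholder table is what makes restore() possible; a one-shot script that exits after each clipboard edit would need to persist that table to disk. Restoring by plain string replacement also means that if the model happens to emit a replacement value on its own, it will be "restored" too, which is the price of keeping the mapping simple.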
lexokoh 257 days ago [-]
This is great. I am happy to collaborate. If you fill out the contact form on the site, I'll contact you to try it out. Or open an issue.
zricethezav 257 days ago [-]
looks familiar
nonamepcbrand1 257 days ago [-]
There comes the Trufflehog contributor :P
robinhoodexe 257 days ago [-]
A similar tool is detect-secrets[1].

[1] https://github.com/Yelp/detect-secrets

defrost 257 days ago [-]
Also similar, Pillager (or Gitleaks) is worth having on the sanity checklist.

https://github.com/brittonhayes/pillager

https://terminaltrove.com/pillager/ <-- TerminalTrove is worth regularly checking.

    powerful rules functionality to recursively search directories for sensitive information in files.

    At its core, Pillager is designed to assist you in determining if a system is affected by common sources of credential leakage as documented by the MITRE ATT&CK framework.
Good for catching those "Oops, I deployed the company password list again" SNAFUs.
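To make concrete what "rules to recursively search directories for sensitive information" means in tools like Pillager, Gitleaks or detect-secrets, here is an added example of the two techniques they combine: fixed-format rules for well-known credential shapes and a Shannon-entropy filter for the generic "something = long string" case. This is illustrative code written for this page, not Pillager's or any other project's scanner. The rule set, entropy threshold and the fixture repository are assumptions; the AWS key in the fixture is AWS's public example ID. Unlike the real tools it scans only the working tree, not the git history, which is where most leaked secrets actually survive.

```python
import math
import os
import re
import tempfile
from collections import Counter
from typing import List, NamedTuple, Optional, Pattern, Tuple

# Rules are tried in order; the first hit on a line wins. The AWS key and PEM header
# shapes are public formats. The generic rule catches "<keyword> = <value>" and is
# then gated on entropy so that words and placeholders are not reported.
RULES: List[Tuple[str, Pattern[str]]] = [
    ("AWS_ACCESS_KEY_ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("PRIVATE_KEY", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("GENERIC_HIGH_ENTROPY", re.compile(
        r"(?i)\b(?:secret|password|passwd|token|api[_-]?key)\w*\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})")),
]
ENTROPY_THRESHOLD = 4.0             # bits per character; a threshold assumed for this example
SKIP_DIRS = {".git", "node_modules", ".venv"}


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    preview: str   # never the full value: the first four characters only


def shannon_entropy(s: str) -> float:
    """Bits per character. Random-looking tokens score near log2(alphabet size);
    English words and placeholders such as your_api_key_here score well below 4."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def match_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (rule name, redacted preview) for the first rule that fires, else None."""
    for name, pattern in RULES:
        m = pattern.search(line)
        if not m:
            continue
        value = m.group(1) if m.groups() else m.group(0)
        if name == "GENERIC_HIGH_ENTROPY" and shannon_entropy(value) < ENTROPY_THRESHOLD:
            continue  # keyword matched, but the value looks like a word, not a credential
        return name, value[:4] + "..."
    return None


def scan_tree(root: str) -> List[Finding]:
    findings: List[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if b"\x00" in data:
                continue  # crude binary detection: NUL bytes mean "not text", skip it
            text = data.decode("utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), start=1):
                hit = match_line(line)
                if hit:
                    findings.append(Finding(os.path.relpath(path, root), lineno, *hit))
    return findings


def build_sample_repo(root: str) -> None:
    """Constructed fixture: two real-looking leaks, a PEM header, a placeholder that
    must not fire, a README that mentions the variable name, and a binary file."""
    files = {
        ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nAPI_KEY=your_api_key_here\n",
        os.path.join("src", "settings.py"): 'SECRET_TOKEN = "k8FzQ2mN7vXr4LpW9cHt3bYj"\n',
        os.path.join("deploy", "id_rsa"):
            "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n-----END OPENSSH PRIVATE KEY-----\n",
        "README.md": "Set AWS_ACCESS_KEY_ID in your environment, never in the repo.\n",
        os.path.join(".git", "config"): "[core]\n\trepositoryformatversion = 0\n",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    with open(os.path.join(root, "logo.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n\x00AKIAIOSFODNN7EXAMPLE")  # NUL byte: skipped as binary


def demo() -> List[Finding]:
    with tempfile.TemporaryDirectory() as root:
        build_sample_repo(root)
        return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.path}:{f.line}: {f.rule} ({f.preview})")
```

Two things worth noticing when running it: API_KEY=your_api_key_here matches the generic keyword rule but is dropped by the entropy gate, and the string hidden in the PNG is never seen because the file is treated as binary. Both are also the classic sources of false negatives in real scanners, which is why a pre-commit hook should be paired with a history scan rather than replace it.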
lexokoh 257 days ago [-]
Nice, i like some of the concepts.