Skip to content

captainhookphp/secrets

Repository files navigation

CaptainHook Secrets

Latest Stable Version Minimum PHP Version Downloads License Build Status Twitter

This package is used to detect passwords in your code. Mainly to prevent you from committing them to your version control.

You can use the regular expressions provided by the classes under Regex\Supplier or make use of the included Detector class. You can easily create your own Supplier classes or open a pull-request if you think it would be useful to others.

Here are some usage examples:

Using Suppliers

$result = Detector::create()
         ->useSuppliers(
            Aws::class,
            Google::class,
            GitHub::class
        )->detectIn($myString)

if ($result->wasSecretDetected()) {
    echo "secret detected: " . implode(' ', $result->matches());
}

Using your custom regex

$result = Detector::create()
        ->useRegex('#password = "\\S"#i')
        ->detectIn($myString)

if ($result->wasSecretDetected()) {
    echo "secret detected: " . implode(' ', $result->matches());
}

The Detector also supports a white list

$result = Detector::create()
        ->useRegex('#password = "\\S"#i')
        ->allow('#root#')
        ->detectIn($myString)

if ($result->wasSecretDetected()) {
    echo "secret detected: " . implode(' ', $result->matches());
}